Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,783
NuGet
683
pip
3,463
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,203 advisories

Loading
Improper password reset in PAM Module in Devolutions Server 2024.3.10.0 and earlier allows an... Moderate Unreviewed
CVE-2025-1231 was published Feb 11, 2025
A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This... Moderate Unreviewed
CVE-2025-1104 was published Feb 7, 2025
When multiple server blocks are configured to share the same IP address and port, an attacker can... Moderate Unreviewed
CVE-2025-23419 was published Feb 5, 2025
If LDAP settings are accessed, authentication could be redirected to another server, potentially... Moderate Unreviewed
CVE-2024-12510 was published Feb 3, 2025
API Security bypass through header manipulation Moderate Unreviewed
CVE-2024-55925 was published Jan 23, 2025
Authentication Bypass Due to Missing LDAP Bind After Password Reset in Keycloak Moderate
CVE-2025-0604 was published for org.keycloak:keycloak-ldap-federation (Maven) Jan 22, 2025
matrix-media-repo (MMR) allows unauthenticated writes to the media repository, which may allow planting of problematic content Moderate
CVE-2024-36402 was published for github.com/t2bot/matrix-media-repo (Go) Jan 16, 2025
HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys,... Moderate Unreviewed
CVE-2024-42172 was published Jan 11, 2025
A user with administrator privileges is able to retrieve authentication tokens Moderate Unreviewed
CVE-2024-9133 was published Jan 11, 2025
Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly... Moderate Unreviewed
CVE-2024-13309 was published Jan 9, 2025
Vulnerability of improper authentication in the ANS system service module Impact: Successful... Moderate Unreviewed
CVE-2023-52955 was published Jan 8, 2025
Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful... Moderate Unreviewed
CVE-2024-56445 was published Jan 8, 2025
A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan... Moderate Unreviewed
CVE-2024-13111 was published Jan 2, 2025
CWE-287: Improper Authentication vulnerability exists that could cause Denial of access to the... Moderate Unreviewed
CVE-2024-10511 was published Dec 11, 2024
An improper authentication vulnerability has been reported to affect several QNAP operating... Moderate Unreviewed
CVE-2024-48859 was published Dec 6, 2024
Withdrawn Advisory: Symfony http-security has authentication bypass Moderate
CVE-2024-36611 was published for symfony/security-http (Composer) Nov 29, 2024 withdrawn
jderusse
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion Moderate
CVE-2024-43784 was published for github.com/treeverse/lakefs (Go) Nov 26, 2024
N-o-Z
Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager... Moderate Unreviewed
CVE-2024-11671 was published Nov 25, 2024
IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead... Moderate Unreviewed
CVE-2022-33862 was published Nov 25, 2024
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an... Moderate Unreviewed
CVE-2024-11209 was published Nov 14, 2024
A vulnerability was found in pam_access due to the improper handling of tokens in access.conf,... Moderate Unreviewed
CVE-2024-10963 was published Nov 7, 2024
A vulnerability was found in knightliao Disconf 2.6.36. It has been classified as critical. This... Moderate Unreviewed
CVE-2024-10620 was published Nov 1, 2024
A vulnerability has been found in didi DDMQ 1.0 and classified as critical. Affected by this... Moderate Unreviewed
CVE-2024-10173 was published Oct 20, 2024
A vulnerability was found in Quay, which allows successful authentication even when a truncated... Moderate Unreviewed
CVE-2024-9683 was published Oct 17, 2024
In the goTenna Pro there is a vulnerability that makes it possible to inject any custom message... Moderate Unreviewed
CVE-2024-47127 was published Sep 26, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database