Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,360
Erlang
33
GitHub Actions
22
Go
2,127
Maven
5,000+
npm
3,793
NuGet
683
pip
3,471
Pub
12
RubyGems
894
Rust
894
Swift
38
Unreviewed advisories
All unreviewed
5,000+

207 advisories

Loading
Undisclosed requests may bypass configuration utility authentication, allowing an attacker... Critical Unreviewed
CVE-2023-46747 was published Oct 26, 2023
A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius... Critical Unreviewed
CVE-2023-39930 was published Oct 25, 2023
PingFederate using the PingOne MFA adapter allows a new MFA device to be paired without requiring... Moderate Unreviewed
CVE-2023-39231 was published Oct 25, 2023
IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 could allow a remote user to... High Unreviewed
CVE-2023-43045 was published Oct 23, 2023
WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive... High Unreviewed
CVE-2023-46319 was published Oct 23, 2023
The WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2021-4353 was published Oct 20, 2023
A vulnerability of authentication bypass has been found on a Zebra Technologies ZTC ZT410-203dpi... Moderate Unreviewed
CVE-2023-4957 was published Oct 11, 2023
Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310... High Unreviewed
CVE-2023-42771 was published Oct 3, 2023
kube-apiserver authentication bypass vulnerability High
CVE-2023-1260 was published for github.com/openshift/apiserver-library-go (Go) Sep 24, 2023
In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server... Critical Unreviewed
CVE-2023-42793 was published Sep 19, 2023
Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas... Critical Unreviewed
CVE-2023-4702 was published Sep 14, 2023
A remote authentication bypass issue exists in some OneView APIs. Critical Unreviewed
CVE-2023-30909 was published Sep 14, 2023
Dover Fueling Solutions MAGLINK LX Web Console Configuration versions 2.5.1, 2.5.2, 2.5.3, 2.6.1... Critical Unreviewed
CVE-2023-41256 was published Sep 11, 2023
A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA)... Critical Unreviewed
CVE-2023-20269 was published Sep 6, 2023
The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to authentication... Critical Unreviewed
CVE-2023-3162 was published Aug 31, 2023
The use of `Module._load()` can bypass the policy mechanism and require modules outside of the... Critical Unreviewed
CVE-2023-32002 was published Aug 21, 2023
** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-895 FW102b07... Critical Unreviewed
CVE-2023-36091 was published Jul 31, 2023
AMI BMC contains a vulnerability in the IPMI handler, where an unauthenticated host is allowed to... Critical Unreviewed
CVE-2023-34335 was published Jul 6, 2023
The iBoot device’s basic discovery protocol assists in initial device configuration. The... High Unreviewed
CVE-2022-47320 was published Jul 6, 2023
The Web3 – Crypto wallet Login & NFT token gating plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2023-3249 was published Jun 30, 2023
The BookIt plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2023-2834 was published Jun 30, 2023
A security defect was identified in Foundry Issues. If a user was added to an issue on a resource... Moderate Unreviewed
CVE-2023-30946 was published Jun 29, 2023
The WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) plugin for WordPress... Critical Unreviewed
CVE-2023-2982 was published Jun 29, 2023
The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to authentication... Critical Unreviewed
CVE-2023-2986 was published Jun 8, 2023
The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up... Moderate Unreviewed
CVE-2021-4373 was published Jun 7, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database