GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
285 advisories
Filter by severity
Vilo 5 Mesh WiFi System <= 5.16.1.33 is vulnerable to Insecure Permissions. Lack of...
Critical
Unreviewed
CVE-2024-40087
was published
Oct 21, 2024
An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing...
Critical
Unreviewed
CVE-2024-45274
was published
Oct 15, 2024
Enterprise Cloud Database from Ragic does not authenticate access to specific functionality,...
Critical
Unreviewed
CVE-2024-9984
was published
Oct 15, 2024
An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9,...
Critical
Unreviewed
CVE-2024-9164
was published
Oct 11, 2024
TEM Opera Plus FM Family Transmitter allows access to an unprotected endpoint that allows MPFS...
Critical
Unreviewed
CVE-2024-41988
was published
Oct 3, 2024
An unauthenticated remote attacker may use a missing authentication for critical function...
Critical
Unreviewed
CVE-2024-35293
was published
Oct 2, 2024
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to...
Critical
Unreviewed
CVE-2024-9289
was published
Oct 1, 2024
Sourcecodester Online Medicine Ordering System 1.0 is vulnerable to Incorrect Access Control....
Critical
Unreviewed
CVE-2024-46293
was published
Sep 30, 2024
Certain switch models from PLANET Technology lack proper access control in firmware upload and...
Critical
Unreviewed
CVE-2024-8456
was published
Sep 30, 2024
OMNTEC Proteus Tank Monitoring OEL8000III Series
could allow an attacker to perform...
Critical
Unreviewed
CVE-2024-6981
was published
Sep 27, 2024
OPW Fuel Management Systems SiteSentinel
could allow an attacker to bypass authentication to the...
Critical
Unreviewed
CVE-2024-8310
was published
Sep 27, 2024
The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass...
Critical
Unreviewed
CVE-2024-8277
was published
Sep 11, 2024
Swissphone DiCal-RED 4009 devices allow a remote attacker to gain a root shell via TELNET without...
Critical
Unreviewed
CVE-2024-36445
was published
Aug 22, 2024
D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel
Critical
Unreviewed
CVE-2024-38437
was published
Jul 21, 2024
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an...
Critical
Unreviewed
CVE-2024-5910
was published
Jul 10, 2024
An unauthenticated remote attacker can manipulate the device via Telnet, stop processes, read,...
Critical
Unreviewed
CVE-2024-6422
was published
Jul 10, 2024
A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs....
Critical
Unreviewed
CVE-2023-41918
was published
Jul 2, 2024
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server /
API Gateway...
Critical
Unreviewed
CVE-2024-2013
was published
Jun 11, 2024
An issue regarding missing authentication for certain utilities exists in CyberPower PowerPanel...
Critical
Unreviewed
CVE-2024-32735
was published
May 14, 2024
Control Web Panel Missing Authentication Remote Code Execution Vulnerability. This vulnerability...
Critical
Unreviewed
CVE-2023-42121
was published
May 3, 2024
Triangle MicroWorks SCADA Data Gateway Missing Authentication Vulnerability. This vulnerability...
Critical
Unreviewed
CVE-2023-39457
was published
May 3, 2024
A missing authentication for critical function vulnerability has been reported to affect...
Critical
Unreviewed
CVE-2024-32764
was published
Apr 26, 2024
The system application (com.transsion.kolun.aiservice) component does not perform an...
Critical
Unreviewed
CVE-2024-3701
was published
Apr 15, 2024
The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated...
Critical
Unreviewed
CVE-2024-3777
was published
Apr 15, 2024
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive...
Critical
Unreviewed
CVE-2023-1083
was published
Apr 9, 2024
ProTip!
Advisories are also available from the
GraphQL API