Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,782
Erlang
36
GitHub Actions
29
Go
2,346
Maven
5,000+
npm
3,976
NuGet
720
pip
3,774
Pub
12
RubyGems
923
Rust
980
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

388 advisories

Loading
The system application (com.transsion.kolun.aiservice) component does not perform an... Critical Unreviewed
CVE-2024-3701 was published Apr 15, 2024
The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated... Critical Unreviewed
CVE-2024-3777 was published Apr 15, 2024
An unauthenticated remote attacker who is aware of a MQTT topic name can send and receive... Critical Unreviewed
CVE-2023-1083 was published Apr 9, 2024
u-boot bug that allows for u-boot shell and interrupt over UART Critical Unreviewed
CVE-2023-48426 was published Apr 5, 2024
Improper access control in PAM vault permissions in Devolutions Server 2024.1.6 and earlier... Critical Unreviewed
CVE-2024-2921 was published Mar 26, 2024
An unauthenticated remote attacker can modify configurations to perform a remote code execution... Critical Unreviewed
CVE-2024-25995 was published Mar 12, 2024
In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible Critical Unreviewed
CVE-2024-23917 was published Feb 6, 2024
The MachineSense application programmable interface (API) is improperly protected and can be... Critical Unreviewed
CVE-2023-49617 was published Feb 2, 2024
An arbitrary code execution vulnerability exists in Arris SURFboard SGB6950AC2 devices. An... Critical Unreviewed
CVE-2024-23618 was published Jan 26, 2024
Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote... Critical Unreviewed
CVE-2023-51947 was published Jan 19, 2024
ASUS Armoury Crate has a vulnerability in arbitrary file write and allows remote attackers to... Critical Unreviewed
CVE-2023-5716 was published Jan 19, 2024
The router console is accessible without authentication at "data" field, and while a user needs... Critical Unreviewed
CVE-2023-49255 was published Jan 12, 2024
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to... Critical Unreviewed
CVE-2023-51989 was published Jan 11, 2024
D-Link DIR-822+ V1.0.2 contains a login bypass in the HNAP1 interface, which allows attackers to... Critical Unreviewed
CVE-2023-51987 was published Jan 11, 2024
An issue was discovered in Heimdal Thor agent versions 3.4.2 and before on Windows and 2.6.9 and... Critical Unreviewed
CVE-2023-29485 was published Dec 21, 2023
An authentication bypass vulnerability has been found in Repox, which allows a remote user to... Critical Unreviewed
CVE-2023-6718 was published Dec 13, 2023
NETGEAR ProSAFE Network Management System has Java Debug Wire Protocol (JDWP) listening on port... Critical Unreviewed
CVE-2023-49693 was published Nov 30, 2023
Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet... Critical Unreviewed
CVE-2023-42770 was published Nov 21, 2023
Missing authentication for critical function vulnerability in First Corporation's DVRs allows a... Critical Unreviewed
CVE-2023-47674 was published Nov 16, 2023
VMware Cloud Director Appliance contains an authentication bypass vulnerability in case VMware... Critical Unreviewed
CVE-2023-34060 was published Nov 14, 2023
Insufficient Verification of Data Authenticity vulnerability in Mitsubishi Electric Corporation... Critical Unreviewed
CVE-2023-4699 was published Nov 6, 2023
Chunghwa Telecom NOKIA G-040W-Q has a vulnerability of authentication bypass, which allows an... Critical Unreviewed
CVE-2023-41351 was published Nov 3, 2023
Undisclosed requests may bypass configuration utility authentication, allowing an attacker... Critical Unreviewed
CVE-2023-46747 was published Oct 26, 2023
A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius... Critical Unreviewed
CVE-2023-39930 was published Oct 25, 2023
Missing authentication in the SetDB method in IDAttend’s IDWeb application 3.1.052 and earlier... Critical Unreviewed
CVE-2023-26573 was published Oct 25, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database