Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,778
Erlang
36
GitHub Actions
29
Go
2,336
Maven
5,000+
npm
3,970
NuGet
713
pip
3,767
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

48 advisories

Loading
Identity Spoofing in libp2p-secio Critical
GHSA-rch7-f4h5-x9rj was published for libp2p-secio (npm) Aug 23, 2019
Argo CD will blindly trust JWT claims if anonymous access is enabled Critical
CVE-2022-29165 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP... Critical Unreviewed
CVE-2020-22001 was published May 24, 2022
An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x... Critical Unreviewed
CVE-2022-2310 was published Jul 28, 2022
A CWE-290: Authentication Bypass by Spoofing vulnerability exists in all versions of the Modicon... Critical Unreviewed
CVE-2018-7842 was published May 24, 2022
Authentication Bypass by Spoofing vulnerability exists in EcoStruxure Control Expert (all... Critical Unreviewed
CVE-2021-22779 was published May 24, 2022
Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By... Critical Unreviewed
CVE-2020-7388 was published May 24, 2022
Versions up to, and including, 5.4.3, of the Booster for WooCommerce WordPress plugin are... Critical Unreviewed
CVE-2021-34646 was published May 24, 2022
EMC Unisphere for VMAX Virtual Appliance (vApp) versions prior to 8.4.0.15, EMC Solutions Enabler... Critical Unreviewed
CVE-2017-14375 was published May 13, 2022
Authentication Bypass in dex Critical
CVE-2020-27847 was published for github.com/dexidp/dex (Go) Dec 20, 2021
The OhMiBod Remote app for Android and iOS allows remote attackers to impersonate users by... Critical Unreviewed
CVE-2017-14487 was published May 13, 2022
An attacker can abuse the batch-requests plugin to send requests to bypass the IP restriction of... Critical Unreviewed
CVE-2022-24112 was published Feb 12, 2022
Implementation trusts the "me" field returned by the authorization server without verifying it Critical
GHSA-mjcr-rqjg-rhg3 was published for datasette-indieauth (pip) Nov 24, 2020
Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows... Critical Unreviewed
CVE-2023-4178 was published Sep 5, 2023
Vulnerability of identity verification being bypassed in the face unlock module. Successful... Critical Unreviewed
CVE-2023-5801 was published Nov 8, 2023
** UNSUPPPORTED WHEN ASSIGNED ** ** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an... Critical Unreviewed
CVE-2023-3243 was published Jun 28, 2023
Authentication Bypass by Spoofing vulnerability in CBOT Chatbot allows Authentication Bypass.This... Critical Unreviewed
CVE-2023-2887 was published May 25, 2023
Authentication Bypass by Spoofing vulnerability in the password reset process of Pandora FMS... Critical Unreviewed
CVE-2023-2807 was published Jun 13, 2023
Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For... Critical Unreviewed
CVE-2021-25827 was published Jun 28, 2023
An authentication bypass issue via spoofing was discovered in the token-based authentication... Critical Unreviewed
CVE-2023-22814 was published Jul 1, 2023
Vulnerability of identity verification being bypassed in the Gallery module. Successful... Critical Unreviewed
CVE-2022-48513 was published Jul 6, 2023
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication... Critical Unreviewed
CVE-2023-30803 was published Oct 10, 2023
Windows Kerberos Security Feature Bypass Vulnerability Critical Unreviewed
CVE-2024-20674 was published Jan 9, 2024
Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry... Critical Unreviewed
CVE-2024-37082 was published Jul 3, 2024
python-jwt vulnerable to token forgery with new claims Critical
CVE-2022-39227 was published for python-jwt (pip) Sep 21, 2022
TomTervoort
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database