GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,563 advisories
Filter by severity
The web application uses a weak authentication mechanism to verify that a request is coming from...
Critical
Unreviewed
CVE-2024-45369
was published
Nov 23, 2024
Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability....
High
Unreviewed
CVE-2024-6248
was published
Nov 22, 2024
github.com/rancher/steve's users can issue watch commands for arbitrary resources
High
CVE-2024-52280
was published
for
github.com/rancher/steve
(Go)
Nov 20, 2024
**UNSUPPORTED WHEN ASSIGNED** The improper authentication vulnerability in the Zyxel P-6101C ADSL...
High
Unreviewed
CVE-2024-11494
was published
Nov 20, 2024
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
Critical
CVE-2024-47533
was published
for
cobbler
(pip)
Nov 18, 2024
A vulnerability was found in Apereo CAS 6.6. It has been classified as critical. This affects an...
Moderate
Unreviewed
CVE-2024-11209
was published
Nov 14, 2024
Symfony has an Authentication Bypass via RememberMe
High
CVE-2024-51996
was published
for
symfony/security-http
(Composer)
Nov 13, 2024
Windows Task Scheduler Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-49039
was published
Nov 12, 2024
A vulnerability was found in pam_access due to the improper handling of tokens in access.conf,...
Moderate
Unreviewed
CVE-2024-10963
was published
Nov 7, 2024
Symfony's `Security::login` does not take into account custom `user_checker`
Low
CVE-2024-50341
was published
for
symfony/security-bundle
(Composer)
Nov 6, 2024
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress...
High
Unreviewed
CVE-2024-9946
was published
Nov 6, 2024
The Heateor Social Login WordPress plugin for WordPress is vulnerable to authentication bypass in...
High
Unreviewed
CVE-2024-10020
was published
Nov 6, 2024
Waybox Enel X web management API authentication could be bypassed and provide administrator’s...
High
Unreviewed
CVE-2023-29117
was published
Nov 5, 2024
gitsign may use incorrect Rekor entries during verification
Low
CVE-2024-51746
was published
for
github.com/sigstore/gitsign
(Go)
Nov 5, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in all...
High
Unreviewed
CVE-2024-10114
was published
Nov 5, 2024
The Loginizer Security and Loginizer plugins for WordPress are vulnerable to authentication...
High
Unreviewed
CVE-2024-10097
was published
Nov 5, 2024
A vulnerability was found in knightliao Disconf 2.6.36. It has been classified as critical. This...
Moderate
Unreviewed
CVE-2024-10620
was published
Nov 1, 2024
Duende IdentityServer has insufficient validation of DPoP cnf claim in Local APIs
Low
CVE-2024-49755
was published
for
Duende.IdentityServer
(NuGet)
Oct 28, 2024
Authentication Bypass by Primary Weakness vulnerability in Swoop 1-Click Login: Passwordless...
Critical
Unreviewed
CVE-2024-50478
was published
Oct 28, 2024
User Registration Bypass in Zitadel
High
CVE-2024-49757
was published
for
github.com/zitadel/zitadel
(Go)
Oct 25, 2024
Autolab Misconfigured Reset Password Permissions
High
CVE-2024-49376
was published
for
Autolab
(RubyGems)
Oct 25, 2024
In WhatsUp Gold versions released before 2024.0.0,
an Authentication Bypass issue exists which...
Critical
Unreviewed
CVE-2024-7763
was published
Oct 24, 2024
A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows...
High
Unreviewed
CVE-2024-10327
was published
Oct 24, 2024
The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass in all versions...
High
Unreviewed
CVE-2024-9947
was published
Oct 23, 2024
The WooCommerce Order Proposal plugin for WordPress is vulnerable to privilege escalation via...
High
Unreviewed
CVE-2024-9927
was published
Oct 23, 2024
ProTip!
Advisories are also available from the
GraphQL API