GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,594 advisories
Filter by severity
In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation.
High
Unreviewed
CVE-2024-1609
was published
Dec 25, 2024
The AirVantage platform is vulnerable to an unauthorized attacker registering previously...
High
Unreviewed
CVE-2023-31279
was published
Dec 21, 2024
Socialstream has a Potential Account Takeover Vulnerability in Social Account Linking Due to Missing User Consent After OAuth Callback
High
CVE-2024-56329
was published
for
joelbutcher/socialstream
(Composer)
Dec 20, 2024
There is an insufficient authentication vulnerability in some Huawei smart phone. An...
Low
Unreviewed
CVE-2020-9250
was published
Dec 20, 2024
In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.
High
Unreviewed
CVE-2024-1610
was published
Dec 18, 2024
The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all...
Critical
Unreviewed
CVE-2024-12287
was published
Dec 18, 2024
A logic vulnerability in the the mobile application (com.transsion.applock) can lead to bypassing...
Unknown
Unreviewed
CVE-2024-12603
was published
Dec 13, 2024
The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all...
Critical
Unreviewed
CVE-2024-11015
was published
Dec 12, 2024
The OAuth Single Sign On – SSO (OAuth Client) plugin for WordPress is vulnerable to...
High
Unreviewed
CVE-2024-10111
was published
Dec 12, 2024
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
High
Unreviewed
CVE-2024-49076
was published
Dec 12, 2024
CWE-287: Improper Authentication vulnerability exists that could cause Denial of access to the...
Moderate
Unreviewed
CVE-2024-10511
was published
Dec 11, 2024
lxd has a restricted TLS certificate privilege escalation when in PKI mode
Low
CVE-2024-6219
was published
for
github.com/canonical/lxd
(Go)
Dec 9, 2024
NVIDIA UFM Enterprise, UFM Appliance, and UFM CyberAI contain a vulnerability where an attacker...
High
Unreviewed
CVE-2024-0130
was published
Dec 6, 2024
An improper authentication vulnerability has been reported to affect several QNAP operating...
Moderate
Unreviewed
CVE-2024-48859
was published
Dec 6, 2024
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User...
High
Unreviewed
CVE-2024-11293
was published
Dec 4, 2024
Apache Ozone: Improper authentication when generating S3 secrets
High
CVE-2024-45106
was published
for
org.apache.ozone:ozone
(Maven)
Dec 3, 2024
AsyncHttpClient (AHC) library's `CookieStore` replaces explicitly defined `Cookie`s
Critical
CVE-2024-53990
was published
for
org.asynchttpclient:async-http-client
(Maven)
Dec 2, 2024
Withdrawn Advisory: Symfony http-security has authentication bypass
Moderate
CVE-2024-36611
was published
for
symfony/security-http
(Composer)
Nov 29, 2024
•
withdrawn
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion
Moderate
CVE-2024-43784
was published
for
github.com/treeverse/lakefs
(Go)
Nov 26, 2024
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability....
Critical
Unreviewed
CVE-2024-11680
was published
Nov 26, 2024
An image with a version lower than the fuse version may potentially be booted lead to improper...
High
Unreviewed
CVE-2018-11952
was published
Nov 26, 2024
Initial xbl_sec revision does not have all the debug policy features and critical checks.
High
Unreviewed
CVE-2016-10394
was published
Nov 26, 2024
Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager...
Moderate
Unreviewed
CVE-2024-11671
was published
Nov 25, 2024
IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could
lead...
Moderate
Unreviewed
CVE-2022-33862
was published
Nov 25, 2024
ProTip!
Advisories are also available from the
GraphQL API