Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,820
Erlang
36
GitHub Actions
32
Go
2,410
Maven
5,000+
npm
4,050
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,003
Swift
38
Unreviewed advisories
All unreviewed
5,000+

165 advisories

Loading
An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the... High Unreviewed
CVE-2024-3982 was published Aug 27, 2024
Hyperledger Fabric does not verify request has a timestamp within the expected time window Moderate
CVE-2024-45244 was published for github.com/hyperledger/fabric (Go) Aug 25, 2024
An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and... High Unreviewed
CVE-2024-38890 was published Aug 2, 2024
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed. Moderate Unreviewed
CVE-2024-5249 was published Jul 30, 2024
D-Link - CWE-294: Authentication Bypass by Capture-replay Critical Unreviewed
CVE-2024-38438 was published Jul 21, 2024
Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay... Moderate Unreviewed
CVE-2024-37016 was published Jul 15, 2024
There exists a vulnerability in Quickshare/Nearby where an attacker can bypass the accept file... High Unreviewed
CVE-2024-38272 was published Jun 26, 2024
Transmitted data is logged between the device and the backend service. An attacker could use... Unknown Unreviewed
CVE-2024-38284 was published Jun 13, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret iarce-qb
derrickmehaffy Convly innerdvations alexandrebodin
Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows... Critical Unreviewed
CVE-2024-4009 was published Jun 5, 2024
Veeam Backup Enterprise Manager allows account takeover via NTLM relay. High Unreviewed
CVE-2024-29850 was published May 23, 2024
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise... High Unreviewed
CVE-2024-29851 was published May 23, 2024
An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass... Critical Unreviewed
CVE-2023-47435 was published Apr 19, 2024
@workos-inc/authkit-nextjs session replay vulnerability Moderate
CVE-2024-29901 was published for @workos-inc/authkit-nextjs (npm) Mar 29, 2024
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an... Critical Unreviewed
CVE-2023-49231 was published Mar 29, 2024
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC... Moderate Unreviewed
CVE-2023-6374 was published Jan 30, 2024
The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to... High Unreviewed
CVE-2023-46892 was published Jan 23, 2024
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical... Moderate Unreviewed
CVE-2023-50128 was published Jan 11, 2024
Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3... High Unreviewed
CVE-2022-46480 was published Dec 5, 2023
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X... High Unreviewed
CVE-2023-39547 was published Nov 17, 2023
A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4... Moderate Unreviewed
CVE-2023-45794 was published Nov 14, 2023
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay... Moderate Unreviewed
CVE-2023-36857 was published Oct 19, 2023
Sustainsys.Saml2 Insufficient Identity Provider Issuer Validation High
CVE-2023-41890 was published for Kentor.AuthServices (NuGet) Sep 20, 2023
c53robin
A remote authentication bypass issue exists in some OneView APIs. Critical Unreviewed
CVE-2023-30909 was published Sep 14, 2023
 A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay. Moderate Unreviewed
CVE-2023-39373 was published Sep 3, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database