GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
68 advisories
Filter by severity
Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested....
High
Unreviewed
CVE-2024-50380
was published
Dec 2, 2024
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them...
High
Unreviewed
CVE-2024-36466
was published
Nov 28, 2024
CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause a denial of...
High
Unreviewed
CVE-2024-8935
was published
Nov 13, 2024
A clipboard "paste" button could persist across tabs which allowed a spoofing attack. This...
High
Unreviewed
CVE-2024-10465
was published
Oct 29, 2024
Truncation of a long URL could have allowed origin spoofing in a permission prompt. This...
High
Unreviewed
CVE-2024-10462
was published
Oct 29, 2024
Zendesk before 2024-07-02 allows remote attackers to read ticket history via e-mail spoofing,...
High
Unreviewed
CVE-2024-49193
was published
Oct 12, 2024
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the...
High
Unreviewed
CVE-2024-44104
was published
Sep 10, 2024
The CloudStack SAML authentication (disabled by default) does not enforce signature check. In...
High
Unreviewed
CVE-2024-41107
was published
Jul 19, 2024
PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured...
High
Unreviewed
CVE-2023-40702
was published
Jul 9, 2024
PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA...
High
Unreviewed
CVE-2023-40356
was published
Jul 9, 2024
A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can...
High
Unreviewed
CVE-2024-5037
was published
Jun 5, 2024
cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by...
High
Unreviewed
CVE-2024-33531
was published
Apr 24, 2024
A vulnerability has been identified in SCALANCE W1748-1 M12 (6GK5748-1GY01-0AA0), SCALANCE W1748...
High
Unreviewed
CVE-2024-30191
was published
Apr 9, 2024
in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification...
High
Unreviewed
CVE-2024-22092
was published
Apr 2, 2024
Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS...
High
Unreviewed
CVE-2024-22457
was published
Mar 1, 2024
An inconsistent user interface issue was addressed with improved state management. This issue is...
High
Unreviewed
CVE-2023-42843
was published
Feb 21, 2024
When opening a website using the `firefox://` protocol handler, SameSite cookies were not...
High
Unreviewed
CVE-2024-1555
was published
Feb 20, 2024
An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via...
High
Unreviewed
CVE-2024-22519
was published
Feb 7, 2024
An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones...
High
Unreviewed
CVE-2024-22520
was published
Feb 7, 2024
Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful...
High
Unreviewed
CVE-2023-4566
was published
Jan 16, 2024
Vulnerability of trust relationships being inaccurate in distributed scenarios. Successful...
High
Unreviewed
CVE-2023-44117
was published
Jan 16, 2024
An issue was discovered in Network Optix NxCloud before 23.1.0.40440. It was possible to add a...
High
Unreviewed
CVE-2023-6263
was published
Nov 22, 2023
Authentication bypass vulnerability, the exploitation of which could allow a local attacker to...
High
Unreviewed
CVE-2023-3103
was published
Nov 22, 2023
This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from...
High
Unreviewed
CVE-2023-5133
was published
Oct 16, 2023
This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from...
High
Unreviewed
CVE-2023-4279
was published
Sep 4, 2023
ProTip!
Advisories are also available from the
GraphQL API