Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

133 advisories

Loading
The session hijacking attack targets the application layer's control mechanism, which manages... High Unreviewed
CVE-2024-43099 was published Sep 13, 2024
OPA for Windows has an SMB force-authentication vulnerability Moderate
CVE-2024-8260 was published for github.com/open-policy-agent/opa (Go) Aug 30, 2024
An attacker with local access to machine where MicroSCADA X SYS600 is installed, could enable the... High Unreviewed
CVE-2024-3982 was published Aug 27, 2024
An issue in Horizon Business Services Inc. Caterease Software 16.0.1.1663 through 24.0.1.2405 and... High Unreviewed
CVE-2024-38890 was published Aug 2, 2024
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed. Moderate Unreviewed
CVE-2024-5249 was published Jul 30, 2024
D-Link - CWE-294: Authentication Bypass by Capture-replay Critical Unreviewed
CVE-2024-38438 was published Jul 21, 2024
Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay... Moderate Unreviewed
CVE-2024-37016 was published Jul 15, 2024
There exists a vulnerability in Quickshare/Nearby where an attacker can bypass the accept file... High Unreviewed
CVE-2024-38272 was published Jun 26, 2024
Transmitted data is logged between the device and the backend service. An attacker could use... Unknown Unreviewed
CVE-2024-38284 was published Jun 13, 2024
@strapi/plugin-users-permissions leaks 3rd party authentication tokens and authentication bypass High
CVE-2024-34065 was published for @strapi/plugin-users-permissions (npm) Jun 12, 2024
Eventyret iarce-qb
derrickmehaffy innerdvations alexandrebodin
Replay Attack in ABB, Busch-Jaeger, FTS Display (version 1.00) and BCU (version 1.3.0.33) allows... Critical Unreviewed
CVE-2024-4009 was published Jun 5, 2024
Veeam Backup Enterprise Manager allows account takeover via NTLM relay. High Unreviewed
CVE-2024-29850 was published May 23, 2024
Veeam Backup Enterprise Manager allows high-privileged users to steal NTLM hash of Enterprise... High Unreviewed
CVE-2024-29851 was published May 23, 2024
An issue in the verifyPassword function of hexo-theme-matery v2.0.0 allows attackers to bypass... Critical Unreviewed
CVE-2023-47435 was published Apr 19, 2024
@workos-inc/authkit-nextjs session replay vulnerability Moderate
CVE-2024-29901 was published for @workos-inc/authkit-nextjs (npm) Mar 29, 2024
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC... Moderate Unreviewed
CVE-2023-6374 was published Jan 30, 2024
The radio frequency communication protocol being used by Meross MSH30Q 4.5.23 is vulnerable to... High Unreviewed
CVE-2023-46892 was published Jan 23, 2024
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical... Moderate Unreviewed
CVE-2023-50128 was published Jan 11, 2024
Incorrect Session Management and Credential Re-use in the Bluetooth LE stack of the Ultraloq UL3... High Unreviewed
CVE-2022-46480 was published Dec 5, 2023
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X... High Unreviewed
CVE-2023-39547 was published Nov 17, 2023
A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4... Moderate Unreviewed
CVE-2023-45794 was published Nov 14, 2023
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay... Moderate Unreviewed
CVE-2023-36857 was published Oct 19, 2023
 A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay. Moderate Unreviewed
CVE-2023-39373 was published Sep 3, 2023
VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in... High Unreviewed
CVE-2023-20900 was published Aug 31, 2023
ShowMojo MojoBox Digital Lockbox 1.4 is vulnerable to Authentication Bypass. The implementation... High Unreviewed
CVE-2023-34625 was published Jul 20, 2023
ProTip! Advisories are also available from the GraphQL API