Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

70 advisories

Loading
Authentication Bypass Using an Alternate Path or Channel vulnerability in Najeeb Ahmad Simple... Critical Unreviewed
CVE-2024-49604 was published Oct 20, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in Vivek Tamrakar WP REST... Critical Unreviewed
CVE-2024-49328 was published Oct 20, 2024
The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in all... Critical Unreviewed
CVE-2024-9893 was published Oct 16, 2024
: Authentication Bypass Using an Alternate Path or Channel vulnerability in sooskriszta, webforza... Critical Unreviewed
CVE-2024-49247 was published Oct 16, 2024
The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2024-9105 was published Oct 16, 2024
The Pedalo Connector plugin for WordPress is vulnerable to authentication bypass in versions up... Critical Unreviewed
CVE-2024-9822 was published Oct 11, 2024
The LatePoint plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2024-8943 was published Oct 8, 2024
The use of `Module._load()` can bypass the policy mechanism and require modules outside of the... Critical Unreviewed
CVE-2023-32002 was published Aug 21, 2023
The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-9289 was published Oct 1, 2024
The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions... Critical Unreviewed
CVE-2024-9106 was published Oct 1, 2024
The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass... Critical Unreviewed
CVE-2024-8277 was published Sep 11, 2024
A remote authentication bypass issue exists in some OneView APIs. Critical Unreviewed
CVE-2023-30909 was published Sep 14, 2023
An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full... Critical Unreviewed
CVE-2024-43692 was published Sep 25, 2024
D-Link - CWE-288:Authentication Bypass Using an Alternate Path or Channel Critical Unreviewed
CVE-2024-38437 was published Jul 21, 2024
An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an... Critical Unreviewed
CVE-2023-49231 was published Mar 29, 2024
The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management... Critical Unreviewed
CVE-2024-2055 was published Mar 5, 2024
The N-central server is vulnerable to an authentication bypass of the user interface. This... Critical Unreviewed
CVE-2024-28200 was published Jul 1, 2024
An authentication bypass vulnerability exists in the FOXMAN-UN/UNEM server / API Gateway... Critical Unreviewed
CVE-2024-2013 was published Jun 11, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to authentication bypass in... Critical Unreviewed
CVE-2024-7503 was published Aug 12, 2024
Authentication Bypass Using an Alternate Path or Channel vulnerability in GST Electronics inohom... Critical Unreviewed
CVE-2024-6684 was published Aug 12, 2024
The Appointment Booking Calendar Plugin and Online Scheduling Plugin – BookingPress plugin for... Critical Unreviewed
CVE-2024-7350 was published Aug 8, 2024
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote... Critical Unreviewed
CVE-2020-10148 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** Authentication Bypass vulnerability in D-Link DIR-895 FW102b07... Critical Unreviewed
CVE-2023-36091 was published Jul 31, 2023
Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise... Critical Unreviewed
CVE-2024-29849 was published May 23, 2024
An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to... Critical Unreviewed
CVE-2023-37057 was published Jun 17, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database