GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
249 advisories
Header spoofing in caddy-geo-ip
Moderate
CVE-2023-50463
was published
for
github.com/shift72/caddy-geo-ip
(Go)
Dec 11, 2023
An issue was discovered in Network Optix NxCloud before 23.1.0.40440. It was possible to add a...
High
Unreviewed
CVE-2023-6263
was published
Nov 22, 2023
Authentication bypass vulnerability, the exploitation of which could allow a local attacker to...
High
Unreviewed
CVE-2023-3103
was published
Nov 22, 2023
Vulnerability of identity verification being bypassed in the face unlock module. Successful...
Critical
Unreviewed
CVE-2023-5801
was published
Nov 8, 2023
Multiple Cisco products are affected by a vulnerability in Snort access control policies that...
Moderate
Unreviewed
CVE-2023-20246
was published
Nov 1, 2023
Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance ...
Moderate
Unreviewed
CVE-2023-20256
was published
Nov 1, 2023
Multiple vulnerabilities in the per-user-override feature of Cisco Adaptive Security Appliance ...
Moderate
Unreviewed
CVE-2023-20245
was published
Nov 1, 2023
An authentication bypass by spoofing of a device with a synthetic IP address is possible in...
Moderate
Unreviewed
CVE-2023-28803
was published
Oct 23, 2023
This user-activity-log-pro WordPress plugin before 2.3.4 retrieves client IP addresses from...
High
Unreviewed
CVE-2023-5133
was published
Oct 16, 2023
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to an authentication...
Critical
Unreviewed
CVE-2023-30803
was published
Oct 10, 2023
The DoLogin Security WordPress plugin before 3.7 uses headers such as the X-Forwarded-For to...
Moderate
Unreviewed
CVE-2023-4631
was published
Sep 25, 2023
This Activity Log WordPress plugin before 2.8.8 retrieves client IP addresses from potentially...
Moderate
Unreviewed
CVE-2023-4281
was published
Sep 25, 2023
Domain restrictions bypass via DNS Rebinding in WireMock and WireMock Studio webhooks, proxy and recorder modes
Low
CVE-2023-41329
was published
for
com.github.tomakehurst:wiremock-jre8
(Maven)
Sep 8, 2023
Authentication Bypass by Spoofing vulnerability in Neutron Neutron Smart VMS allows...
Critical
Unreviewed
CVE-2023-4178
was published
Sep 5, 2023
This User Activity Log WordPress plugin before 1.6.7 retrieves client IP addresses from...
High
Unreviewed
CVE-2023-4279
was published
Sep 4, 2023
Brocade SANnav Web interface before Brocade SANnav v2.3.0 and v2.2.2a allows remote...
Critical
Unreviewed
CVE-2023-31424
was published
Aug 31, 2023
The User Access Manager WordPress plugin before 2.2.18 prioritizes getting a visitor's IP from...
Moderate
Unreviewed
CVE-2022-1601
was published
Aug 30, 2023
The foundry campaigns service was found to be vulnerable to an unauthenticated information...
Moderate
Unreviewed
CVE-2023-30950
was published
Aug 4, 2023
AMI SPx contains a vulnerability in BMC where a User may cause an authentication bypass by...
High
Unreviewed
CVE-2023-34329
was published
Jul 18, 2023
A CWE-290: Authentication Bypass by Spoofing vulnerability exists that could cause legitimate...
High
Unreviewed
CVE-2022-32747
was published
Jul 6, 2023
Vulnerability of identity verification being bypassed in the Gallery module. Successful...
Critical
Unreviewed
CVE-2022-48513
was published
Jul 6, 2023
An authentication bypass issue via spoofing was discovered in the token-based authentication...
Critical
Unreviewed
CVE-2023-22814
was published
Jul 1, 2023
** UNSUPPORTED WHEN ASSIGNED ** [An attacker can capture an...
Critical
Unreviewed
CVE-2023-3243
was published
Jun 28, 2023
Emby Server < 4.7.12.0 is vulnerable to a login bypass attack by setting the X-Forwarded-For...
Critical
Unreviewed
CVE-2021-25827
was published
Jun 28, 2023
Grafana vulnerable to Authentication Bypass by Spoofing
Critical
CVE-2023-3128
was published
for
github.com/grafana/grafana
(Go)
Jun 22, 2023