GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
209 advisories
Filter by severity
Zendesk before 2024-07-02 allows remote attackers to read ticket history via e-mail spoofing,...
High
Unreviewed
CVE-2024-49193
was published
Oct 12, 2024
Azure Active Directory Pod Identity Spoofing Vulnerability
Moderate
Unreviewed
CVE-2021-1677
was published
May 24, 2022
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions...
Moderate
Unreviewed
CVE-2024-1347
was published
Apr 25, 2024
Authentication Bypass by Spoofing vulnerability in Peter Hardy-vanDoorn Maintenance Redirect...
Low
Unreviewed
CVE-2024-45453
was published
Sep 23, 2024
Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victims's...
High
Unreviewed
CVE-2021-45036
was published
Nov 28, 2022
An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7...
Critical
Unreviewed
CVE-2024-6678
was published
Sep 12, 2024
An incorrectly implemented authentication scheme that is subjected to a spoofing attack in the...
High
Unreviewed
CVE-2024-44104
was published
Sep 10, 2024
In WS_FTP Server versions before 8.8.8 (2022.0.8), a Missing Critical Step in Multi-Factor...
Moderate
Unreviewed
CVE-2024-7745
was published
Aug 28, 2024
Typecho v1.3.0 was discovered to contain a race condition vulnerability in the post commenting...
Moderate
Unreviewed
CVE-2024-35539
was published
Aug 19, 2024
Typecho v1.3.0 was discovered to contain a Client IP Spoofing vulnerability, which allows...
Moderate
Unreviewed
CVE-2024-35538
was published
Aug 19, 2024
A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can...
High
Unreviewed
CVE-2024-5037
was published
Jun 5, 2024
PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured...
High
Unreviewed
CVE-2023-40702
was published
Jul 9, 2024
PingOne MFA Integration Kit contains a vulnerability related to the Prompt Users to Set Up MFA...
High
Unreviewed
CVE-2023-40356
was published
Jul 9, 2024
An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue...
Moderate
Unreviewed
CVE-2024-41432
was published
Aug 7, 2024
The CloudStack SAML authentication (disabled by default) does not enforce signature check. In...
High
Unreviewed
CVE-2024-41107
was published
Jul 19, 2024
Skype for Business and Lync Spoofing Vulnerability.
Moderate
Unreviewed
CVE-2022-26910
was published
Apr 16, 2022
An issue in Typora v.1.8.10 and before, allows a local attacker to obtain sensitive information...
Moderate
Unreviewed
CVE-2024-31784
was published
Apr 16, 2024
An issue was discovered in WUZHICMS version 4.1.0, allows an attacker to execute arbitrary code...
Moderate
Unreviewed
CVE-2024-31008
was published
Apr 3, 2024
Microsoft Outlook for Mac Spoofing Vulnerability.
High
Unreviewed
CVE-2022-44713
was published
Dec 13, 2022
Authentication Bypass by Spoofing vulnerability in Patreon Patreon WordPress allows Functionality...
Moderate
Unreviewed
CVE-2024-37430
was published
Jul 9, 2024
Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39...
Moderate
Unreviewed
CVE-2024-6163
was published
Jul 8, 2024
Security check loophole in HAProxy release (in combination with routing release) in Cloud Foundry...
Critical
Unreviewed
CVE-2024-37082
was published
Jul 3, 2024
Microsoft Edge (Chromium-based) Spoofing Vulnerability
Moderate
Unreviewed
CVE-2024-30058
was published
Jun 13, 2024
cdbattags lua-resty-jwt 0.2.3 allows attackers to bypass all JWT-parsing signature checks by...
High
Unreviewed
CVE-2024-33531
was published
Apr 24, 2024
Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a...
Moderate
Unreviewed
CVE-2024-3843
was published
Apr 17, 2024
ProTip!
Advisories are also available from the
GraphQL API