GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 4,963
  Erlang: 39
  GitHub Actions: 38
  Go: 2,614
  Maven: 5,000+
  npm: 4,254
  NuGet: 760
  pip: 4,031
  Pub: 12
  RubyGems: 953
  Rust: 1,049
  Swift: 45

Unreviewed advisories
  All unreviewed: 5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

19 advisories
An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress...
Critical | Unreviewed | CVE-2021-24215 was published May 24, 2022

Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the...
Critical | Unreviewed | CVE-2019-9552 was published May 13, 2022

D-Link DIR-600M C1 3.04 devices allow authentication bypass via a direct request to the wan.htm...
Critical | Unreviewed | CVE-2019-7736 was published May 13, 2022

"Dokodemo eye Smart HD" SCR02HD Firmware 1.0.3.1000 and earlier allows remote attackers to bypass...
Critical | Unreviewed | CVE-2017-10833 was published May 13, 2022

Kentico 9.0 before 9.0.51 and 10.0 before 10.0.48 allows remote attackers to obtain Global...
Critical | Unreviewed | CVE-2017-17736 was published May 13, 2022

add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an...
Critical | Unreviewed | CVE-2018-18922 was published May 13, 2022

The Van Ons WP GDPR Compliance (aka wp-gdpr-compliance) plugin before 1.4.3 for WordPress allows...
Critical | Unreviewed | CVE-2018-19207 was published May 13, 2022

OMRON NS devices 1.1 through 1.3 allow remote attackers to bypass authentication via a direct...
Critical | Unreviewed | CVE-2018-6624 was published May 13, 2022

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to...
Critical | Unreviewed | CVE-2022-41746 was published Oct 11, 2022

Rapid7 Nexpose versions 6.6.186 and below suffer from a forced browsing vulnerability. This...
Critical | Unreviewed | CVE-2023-1699 was published Mar 30, 2023

Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to...
Critical | Unreviewed | CVE-2024-0204 was published Jan 22, 2024

Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML...
Critical | Unreviewed | CVE-2024-24592 was published Feb 6, 2024

Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices...
Critical | Unreviewed | CVE-2019-12583 was published May 24, 2022

eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to...
Critical | Unreviewed | CVE-2019-9884 was published May 24, 2022

A compromised HMS Networks Cosy+ device could be used to request a Certificate Signing Request...
Critical | Unreviewed | CVE-2024-33897 was published Aug 6, 2024

Direct request ('Forced Browsing') issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all...
Critical | Unreviewed | CVE-2025-26689 was published Mar 31, 2025

An authentication bypass vulnerability on iBall Baton ADSL2+ Home Router FW_iB-LR7011A_1.0.2...
Critical | Unreviewed | CVE-2017-14244 was published May 13, 2022

An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated...
Critical | Unreviewed | CVE-2022-45276 was published Nov 23, 2022

Improper permission control vulnerability in the OXARI ServiceDesk application could allow an...
Critical | Unreviewed | CVE-2025-1542 was published Mar 26, 2025
ProTip! Advisories are also available from the GraphQL API.