GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,728
Composer 4,855
Erlang 36
GitHub Actions 35
Go 2,481
Maven 5,904
npm 4,102
NuGet 734
pip 3,915
Pub 12
RubyGems 945
Rust 1,017
Swift 39

Unreviewed advisories

All unreviewed 267,794

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

321 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Missing Authentication for Critical Function Moderate

CVE-2021-32709 was published for shopware/platform (Composer) Jun 29, 2021

The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation... Moderate Unreviewed

CVE-2011-3055 was published May 13, 2022

A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of... Moderate Unreviewed

CVE-2018-15466 was published May 13, 2022

Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks... Moderate Unreviewed

CVE-2016-9496 was published May 13, 2022

TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a... Moderate Unreviewed

CVE-2019-19143 was published May 24, 2022

The 'Find Phone' function in Nice smartphones with software versions earlier before Nice... Moderate Unreviewed

CVE-2017-2708 was published May 13, 2022

Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow... Moderate Unreviewed

CVE-2017-17747 was published May 13, 2022

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow... Moderate Unreviewed

CVE-2022-22809 was published Feb 11, 2022

Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent... Moderate Unreviewed

CVE-2021-20152 was published Dec 31, 2021

This vulnerability allows network-adjacent attackers to disclose sensitive information on... Moderate Unreviewed

CVE-2021-34870 was published Jan 26, 2022

In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have... Moderate Unreviewed

CVE-2022-24111 was published Feb 11, 2022

In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any... Moderate Unreviewed

CVE-2019-6652 was published May 24, 2022

The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for... Moderate Unreviewed

CVE-2020-20627 was published May 24, 2022

Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request... Moderate Unreviewed

CVE-2019-19142 was published May 24, 2022

VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2... Moderate Unreviewed

CVE-2015-5201 was published May 24, 2022

Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via a simple... Moderate Unreviewed

CVE-2019-15654 was published May 24, 2022

VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with... Moderate Unreviewed

CVE-2023-20857 was published Feb 28, 2023

SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any... Moderate Unreviewed

CVE-2023-24526 was published Mar 14, 2023

Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791,... Moderate Unreviewed

CVE-2023-25615 was published Mar 14, 2023

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server... Moderate Unreviewed

CVE-2023-27983 was published Mar 21, 2023

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired... Moderate Unreviewed

CVE-2020-24588 was published May 24, 2022

The Bluetooth module has an authentication bypass vulnerability in the pairing process.... Moderate Unreviewed

CVE-2022-48291 was published Mar 28, 2023

SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control... Moderate Unreviewed

CVE-2023-24527 was published Apr 11, 2023

Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access,... Moderate Unreviewed

CVE-2021-33259 was published May 24, 2022

An issue was discovered on D-Link DIR-816L devices 2.x before 1.10b04Beta02. There exists an... Moderate Unreviewed

CVE-2020-15894 was published May 24, 2022

Previous 1…4…13 Next

Previous 1 2 3 4 5 6 … 12 13 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

321 advisories