Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

42 advisories

Loading
An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack... Moderate Unreviewed
CVE-2024-39081 was published Sep 18, 2024
Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay... Moderate Unreviewed
CVE-2024-37016 was published Jul 15, 2024
In versions of Akana API Platform prior to 2024.1.0, SAML tokens can be replayed. Moderate Unreviewed
CVE-2024-5249 was published Jul 30, 2024
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay... Moderate Unreviewed
CVE-2023-36857 was published Oct 19, 2023
 A Hyundai model (2017) - CWE-294: Authentication Bypass by Capture-replay. Moderate Unreviewed
CVE-2023-39373 was published Sep 3, 2023
An issue was discovered in WAFU Keyless Smart Lock v1.0 allows attackers to unlock a device via... Moderate Unreviewed
CVE-2023-34553 was published Jun 22, 2023
GL.iNET GL-AR750S-Ext firmware v3.215 inserts the admin authentication token into a GET request... Moderate Unreviewed
CVE-2023-33621 was published Jun 13, 2023
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful... Moderate Unreviewed
CVE-2020-14302 was published May 24, 2022
Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock... Moderate Unreviewed
CVE-2020-9438 was published May 24, 2022
Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control. Moderate Unreviewed
CVE-2019-9158 was published May 24, 2022
Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and... Moderate Unreviewed
CVE-2019-5307 was published May 24, 2022
The remote keyfob system on Nissan Sylphy Classic 2021 sends the same RF signal for each door... Moderate Unreviewed
CVE-2023-33281 was published May 22, 2023
** DISPUTED ** An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications)... Moderate Unreviewed
CVE-2020-24722 was published May 24, 2022
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric Corporation MELSEC... Moderate Unreviewed
CVE-2023-6374 was published Jan 30, 2024
The remote keyless system of the Hozard alarm system (alarmsystemen) v1.0 sends an identical... Moderate Unreviewed
CVE-2023-50128 was published Jan 11, 2024
A vulnerability has been identified in Mendix Applications using Mendix 10 (All versions < V10.4... Moderate Unreviewed
CVE-2023-45794 was published Nov 14, 2023
A vulnerability in the offline access mode of Cisco Duo Two-Factor Authentication for macOS and... Moderate Unreviewed
CVE-2023-20123 was published Apr 5, 2023
An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application... Moderate Unreviewed
CVE-2019-11334 was published May 24, 2022
The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF... Moderate Unreviewed
CVE-2022-45914 was published Nov 27, 2022
GoAhead before 5.1.2 mishandles the nonce value during Digest authentication. This may permit... Moderate Unreviewed
CVE-2020-15688 was published May 24, 2022
The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is... Moderate Unreviewed
CVE-2021-46145 was published Jan 7, 2022
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass... Moderate Unreviewed
CVE-2018-16242 was published May 13, 2022
An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2... Moderate Unreviewed
CVE-2021-40170 was published Dec 16, 2021
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out,... Moderate Unreviewed
CVE-2020-23178 was published May 24, 2022
Incorrect access control in push notification service in Night Owl Smart Doorbell FW version... Moderate Unreviewed
CVE-2020-28713 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database