Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,779
Erlang
36
GitHub Actions
29
Go
2,338
Maven
5,000+
npm
3,972
NuGet
714
pip
3,769
Pub
12
RubyGems
923
Rust
976
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,810 advisories

Loading
The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user... Critical Unreviewed
CVE-2021-28503 was published Feb 10, 2022
A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel... High Unreviewed
CVE-2021-21964 was published Feb 10, 2022
Microsoft SharePoint Server Security Feature BypassVulnerability. Moderate Unreviewed
CVE-2022-21968 was published Feb 10, 2022
Reuse of one time passwords allowed in Gitea Critical
CVE-2021-45331 was published for code.gitea.io/gitea (Go) Feb 10, 2022
Authentication bypass in Apache Shiro Critical
CVE-2020-17523 was published for org.apache.shiro:shiro-spring (Maven) Feb 9, 2022
Improper Authentication for Keycloak Moderate
CVE-2020-1718 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022
After the initial setup process, some steps of setup.php file are reachable not only by super... Moderate Unreviewed
CVE-2022-23134 was published Feb 9, 2022
Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows... Critical Unreviewed
CVE-2021-29396 was published Feb 9, 2022
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early... Critical Unreviewed
CVE-2021-45079 was published Feb 8, 2022
An authenticated and authorized agent user could potentially gain administrative access via an... High Unreviewed
CVE-2022-0366 was published Feb 8, 2022
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a... Critical Unreviewed
CVE-2022-22831 was published Feb 8, 2022
Limited ability to spoof SAML authentication with missing audience verification in Fleet Moderate
CVE-2022-23600 was published for github.com/fleetdm/fleet/v4 (Go) Feb 7, 2022
iangcarroll
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication... High Unreviewed
CVE-2021-45735 was published Feb 5, 2022
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05... Critical Unreviewed
CVE-2021-44971 was published Jan 29, 2022
An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink... Critical Unreviewed
CVE-2021-40404 was published Jan 29, 2022
Hitachi Energy LinkOne product, has a vulnerability due to a web server misconfiguration, that... Moderate Unreviewed
CVE-2021-40338 was published Jan 29, 2022
Improper Authentication in phpmyadmin Moderate
CVE-2022-23807 was published for phpmyadmin/phpmyadmin (Composer) Jan 28, 2022
Authentication Bypass in ADOdb/ADOdb Critical
CVE-2021-3850 was published for adodb/adodb-php (Composer) Jan 27, 2022
meme-lord dregad
This vulnerability allows network-adjacent attackers to bypass authentication on affected... High Unreviewed
CVE-2021-34865 was published Jan 26, 2022
An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An authentication... Critical Unreviewed
CVE-2022-23855 was published Jan 25, 2022
TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open... Critical Unreviewed
CVE-2022-23126 was published Jan 25, 2022
Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an... Critical Unreviewed
CVE-2021-43394 was published Jan 25, 2022
USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute... High Unreviewed
CVE-2022-23220 was published Jan 22, 2022
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security... Critical Unreviewed
CVE-2020-4879 was published Jan 22, 2022
The web application on Agilia Link+ version 3.0 implements authentication and session management... Critical Unreviewed
CVE-2021-23196 was published Jan 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database