GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
4,022 advisories
Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and...
Moderate | Unreviewed | CVE-2004-2736 was published Apr 29, 2022

LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server...
High | Unreviewed | CVE-2004-2724 was published Apr 29, 2022

edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain...
High | Unreviewed | CVE-2004-2715 was published Apr 29, 2022

Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user...
High | Unreviewed | CVE-2004-2182 was published Apr 29, 2022

The default installation of Cisco voice products, when running the IBM Director Agent on IBM...
High | Unreviewed | CVE-2004-1760 was published Apr 29, 2022

The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1...
Low | Unreviewed | CVE-2003-1570 was published Apr 29, 2022

TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with...
High | Unreviewed | CVE-2003-1574 was published Apr 29, 2022

upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the...
Moderate | Unreviewed | CVE-2003-1489 was published Apr 29, 2022

Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only...
Moderate | Unreviewed | CVE-2003-1475 was published Apr 29, 2022

login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1)...
Moderate | Unreviewed | CVE-2003-1434 was published Apr 29, 2022

The web administration page for the Ericsson HM220dp ADSL modem does not require authentication,...
High | Unreviewed | CVE-2003-1442 was published Apr 29, 2022

Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows...
Moderate | Unreviewed | CVE-2003-1433 was published Apr 29, 2022

Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door...
High | Unreviewed | CVE-2003-1343 was published Apr 29, 2022

Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to bypass authentication and...
High | Unreviewed | CVE-2003-0216 was published Apr 29, 2022

Keycloak is vulnerable to IDN homograph attack
Moderate | CVE-2021-3424 was published for org.keycloak:keycloak-services (Maven) Apr 28, 2022

IBM QRadar 7.3, 7.4, and 7.5 could allow a malicious actor to impersonate an actor due to key...
High | Unreviewed | CVE-2021-38878 was published Apr 28, 2022

ECP SAML binding bypasses authentication flows
High | CVE-2021-3827 was published for org.keycloak:keycloak-saml-core (Maven) Apr 27, 2022

The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a...
Critical | Unreviewed | CVE-2012-10001 was published Apr 23, 2022

The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers...
Critical | Unreviewed | CVE-2012-2714 was published Apr 23, 2022

A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the...
High | Unreviewed | CVE-2012-3462 was published Apr 23, 2022

An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan...
Critical | Unreviewed | CVE-2021-3897 was published Apr 23, 2022

An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan...
Critical | Unreviewed | CVE-2021-3849 was published Apr 23, 2022

Improper Authentication in django-mfa3
High | CVE-2022-24857 was published for django-mfa3 (pip) Apr 22, 2022

Typo3 Authentication Bypass
Critical | CVE-2011-4628 was published for typo3/cms (Composer) Apr 22, 2022

An issue was discovered in MISP before 2.4.158. In UsersController.php, password confirmation can...
High | Unreviewed | CVE-2022-29534 was published Apr 22, 2022