GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,233
Erlang: 31
GitHub Actions: 20
Go: 1,992
Maven: 5,000+
npm: 3,709
NuGet: 661
pip: 3,346
Pub: 11
RubyGems: 884
Rust: 846
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,259 advisories
A local authentication restriction bypass vulnerability was discovered in HPE OneView version(s):...
High | Unreviewed | CVE-2022-23699 was published Apr 5, 2022
Improper cleaning of secure memory between authenticated users can lead to face authentication...
High | Unreviewed | CVE-2021-1950 was published Apr 2, 2022
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and...
High | Unreviewed | CVE-2022-25915 was published Apr 1, 2022
An improper authentication vulnerability leading to information leakage was discovered in iptime...
High | Unreviewed | CVE-2021-26620 was published Mar 26, 2022
A flaw was found in the Pacemaker configuration tool (pcs). The pcs daemon was allowing expired...
High | Unreviewed | CVE-2022-1049 was published Mar 26, 2022
Improper Authentication vulnerability in TLS origin validation of Apache Traffic Server allows an...
High | Unreviewed | CVE-2021-44759 was published Mar 24, 2022
Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x and 11.x component used...
High | Unreviewed | CVE-2022-26504 was published Mar 18, 2022
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates...
High | Unreviewed | CVE-2021-41848 was published Mar 13, 2022
CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate...
High | Unreviewed | CVE-2022-22729 was published Mar 12, 2022
otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated...
High | Unreviewed | CVE-2021-40376 was published Mar 11, 2022
TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method...
High | Unreviewed | CVE-2021-44032 was published Mar 11, 2022
Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local...
High | Unreviewed | CVE-2022-24286 was published Mar 11, 2022
Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability....
High | Unreviewed | CVE-2022-24285 was published Mar 11, 2022
When the device is in factory state, the shell can be accessed without adb authentication...
High | Unreviewed | CVE-2022-23729 was published Mar 5, 2022
Improper Access Control in GitHub repository zulip/zulip prior to 4.10.
High | Unreviewed | CVE-2021-3967 was published Feb 28, 2022
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual...
High | Unreviewed | CVE-2022-25640 was published Feb 25, 2022
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos...
High | Unreviewed | CVE-2020-25719 was published Feb 19, 2022
Forms generated by JQueryForm.com before 2022-02-05 allow a remote authenticated attacker to...
High | Unreviewed | CVE-2022-24985 was published Feb 17, 2022
Improper Authentication in Apache Guacamole
High | Unreviewed | CVE-2021-43999 was published Feb 15, 2022
An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass...
High | Unreviewed | CVE-2021-45347 was published Feb 15, 2022
StarWind SAN and NAS before 0.2 build 1685 allows users to reset other users' passwords.
High | Unreviewed | CVE-2022-24551 was published Feb 12, 2022
Improper validation of program headers containing ELF metadata can lead to image verification...
High | Unreviewed | CVE-2021-30317 was published Feb 12, 2022
A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution...
High | Unreviewed | CVE-2021-22796 was published Feb 12, 2022
A denial of service vulnerability exists in the SeaMax remote configuration functionality of...
High | Unreviewed | CVE-2021-21965 was published Feb 10, 2022
A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel...
High | Unreviewed | CVE-2021-21964 was published Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API.