Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,419 advisories

Loading
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6... High Unreviewed
CVE-2021-45505 was published Dec 27, 2021
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6... High Unreviewed
CVE-2021-45506 was published Dec 27, 2021
NETGEAR XR1000 devices before 1.0.0.58 are affected by authentication bypass. High Unreviewed
CVE-2021-45510 was published Dec 27, 2021
An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett... High Unreviewed
CVE-2021-21902 was published Dec 23, 2021
An authentication bypass vulnerability exists in the process_msg() function of the home_security... High Unreviewed
CVE-2021-21953 was published Dec 23, 2021
Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary... High Unreviewed
CVE-2021-36350 was published Dec 22, 2021
TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in ... High Unreviewed
CVE-2021-40851 was published Dec 18, 2021
Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation,... High Unreviewed
CVE-2021-40826 was published Dec 16, 2021
In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass.... High Unreviewed
CVE-2021-0649 was published Dec 16, 2021
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the ... High Unreviewed
CVE-2021-40856 was published Dec 14, 2021
Improper Authentication in HashiCorp Nomad High
CVE-2021-43415 was published for github.com/hashicorp/nomad (Go) Dec 10, 2021
A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the... High Unreviewed
CVE-2021-43068 was published Dec 10, 2021
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers... High Unreviewed
CVE-2021-20145 was published Dec 10, 2021
An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of... High Unreviewed
CVE-2021-21955 was published Dec 10, 2021
Improper Authentication in Flask-AppBuilder High
CVE-2021-41265 was published for Flask-AppBuilder (pip) Dec 9, 2021
Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an... High Unreviewed
CVE-2021-41311 was published Dec 9, 2021
There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone... High Unreviewed
CVE-2021-37054 was published Dec 9, 2021
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation... High Unreviewed
CVE-2021-37043 was published Dec 8, 2021
There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of... High Unreviewed
CVE-2021-37100 was published Dec 8, 2021
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that... High Unreviewed
CVE-2021-43175 was published Dec 8, 2021
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and... High Unreviewed
CVE-2021-20861 was published Dec 2, 2021
Deleted Admin Can Sign In to Admin Interface High
CVE-2021-41126 was published for october/october (Composer) Oct 6, 2021
Authentication bypass for viewing and deletions of snapshots High
CVE-2021-39226 was published for github.com/grafana/grafana (Go) Oct 5, 2021
theblackturtle
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification High
CVE-2021-41129 was published for pterodactyl/panel (Composer) Oct 4, 2021
User impersonation due to incorrect handling of the login JWT High
CVE-2021-39177 was published for org.geysermc:connector (Maven) Sep 7, 2021
Redned235 Camotoy
clankstar Ry0taK
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database