GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,232
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,345
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,029 advisories
Filter by severity
IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the...
Moderate
Unreviewed
CVE-2021-29779
was published
Dec 2, 2021
Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay after a failed login attempt...
Moderate
Unreviewed
CVE-2011-0718
was published
May 17, 2022
VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before...
Moderate
Unreviewed
CVE-2011-0527
was published
May 17, 2022
Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin...
Moderate
Unreviewed
CVE-2011-0435
was published
May 17, 2022
nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found...
Moderate
Unreviewed
CVE-2011-0438
was published
May 17, 2022
The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series...
Moderate
Unreviewed
CVE-2010-4690
was published
May 17, 2022
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4,...
Moderate
Unreviewed
CVE-2021-4191
was published
Mar 29, 2022
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for...
Moderate
Unreviewed
CVE-2021-44848
was published
Dec 14, 2021
Sysaid API User Enumeration - Attacker sending requests to specific api path without any...
Moderate
Unreviewed
CVE-2021-36721
was published
Dec 15, 2021
Lack of an access control check in the External Status Check feature allowed any authenticated...
Moderate
Unreviewed
CVE-2021-39916
was published
Dec 14, 2021
Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the...
Moderate
Unreviewed
CVE-2021-45900
was published
Apr 1, 2022
Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A...
Moderate
Unreviewed
CVE-2022-23156
was published
Apr 2, 2022
Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11...
Moderate
Unreviewed
CVE-2022-1148
was published
Apr 5, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from...
Moderate
Unreviewed
CVE-2021-20150
was published
Dec 31, 2021
Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1...
Moderate
Unreviewed
CVE-2022-27839
was published
Apr 12, 2022
Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that...
Moderate
Unreviewed
CVE-2022-26091
was published
Apr 12, 2022
Navigating to a specific URL with a patient ID number will result in the server generating a PDF...
Moderate
Unreviewed
CVE-2022-1067
was published
Apr 12, 2022
Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical...
Moderate
Unreviewed
CVE-2022-25832
was published
Apr 12, 2022
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated...
Moderate
Unreviewed
CVE-2021-43950
was published
Feb 16, 2022
The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS...
Moderate
Unreviewed
CVE-2010-2927
was published
May 17, 2022
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1...
Moderate
Unreviewed
CVE-2010-2940
was published
May 17, 2022
stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it...
Moderate
Unreviewed
CVE-2010-2496
was published
Apr 21, 2022
An authorization bypass exploited by a user-controlled key in SpecificApps REST API in...
Moderate
Unreviewed
CVE-2021-46249
was published
Feb 17, 2022
A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete...
Moderate
Unreviewed
CVE-2020-14121
was published
Apr 22, 2022
Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed...
Moderate
Unreviewed
CVE-2021-21131
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API