GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
3,146 advisories
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
Critical | Unreviewed | CVE-2022-25262 was published Feb 26, 2022
Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74,...
Critical | Unreviewed | CVE-2022-21142 was published Feb 25, 2022
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual...
High | Unreviewed | CVE-2022-25640 was published Feb 25, 2022
The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST...
Moderate | Unreviewed | CVE-2020-14504 was published Feb 25, 2022
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this...
Moderate | Unreviewed | CVE-2016-2124 was published Feb 19, 2022
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos...
High | Unreviewed | CVE-2020-25719 was published Feb 19, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
Critical | Unreviewed | CVE-2022-21196 was published Feb 19, 2022
This vulnerability allows remote attackers to bypass authentication on affected installations of...
Critical | Unreviewed | CVE-2022-24047 was published Feb 19, 2022
Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus,...
Critical | Unreviewed | CVE-2021-29655 was published Feb 19, 2022
An authorization bypass exploited by a user-controlled key in SpecificApps REST API in...
Moderate | Unreviewed | CVE-2021-46249 was published Feb 17, 2022
Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to...
High | Unreviewed | CVE-2022-24985 was published Feb 17, 2022
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated...
Moderate | Unreviewed | CVE-2021-43950 was published Feb 16, 2022
Improper Authentication in Apache Guacamole
High | Unreviewed | CVE-2021-43999 was published Feb 15, 2022
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication...
Critical | Unreviewed | CVE-2022-24976 was published Feb 15, 2022
** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by arbitrary file...
Critical | Unreviewed | CVE-2021-45420 was published Feb 15, 2022
An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass...
High | Unreviewed | CVE-2021-45347 was published Feb 15, 2022
Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms...
Critical | Unreviewed | CVE-2021-4201 was published Feb 15, 2022
The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the ...
Critical | Unreviewed | CVE-2021-44736 was published Feb 12, 2022
StarWind SAN and NAS before 0.2 build 1685 allows users to reset other users' passwords.
High | Unreviewed | CVE-2022-24551 was published Feb 12, 2022
Improper validation of program headers containing ELF metadata can lead to image verification...
High | Unreviewed | CVE-2021-30317 was published Feb 12, 2022
An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo...
Critical | Unreviewed | CVE-2021-38679 was published Feb 12, 2022
A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution...
High | Unreviewed | CVE-2021-22796 was published Feb 12, 2022
Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious...
Critical | Unreviewed | CVE-2021-31932 was published Feb 12, 2022
An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows...
Critical | Unreviewed | CVE-2022-24259 was published Feb 10, 2022
A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel...
High | Unreviewed | CVE-2021-21964 was published Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API.