Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

3,558 advisories

Loading
The impacted products, when configured to use SSO, are affected by an improper authentication... Critical Unreviewed
CVE-2021-43935 was published Dec 16, 2021
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated... Critical Unreviewed
CVE-2021-44524 was published Dec 15, 2021
Sysaid API User Enumeration - Attacker sending requests to specific api path without any... Moderate Unreviewed
CVE-2021-36721 was published Dec 15, 2021
glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php. Critical Unreviewed
CVE-2021-44949 was published Dec 15, 2021
The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as... Critical Unreviewed
CVE-2021-4073 was published Dec 15, 2021
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for... Moderate Unreviewed
CVE-2021-44848 was published Dec 14, 2021
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the ... High Unreviewed
CVE-2021-40856 was published Dec 14, 2021
An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not... Critical Unreviewed
CVE-2021-44152 was published Dec 14, 2021
Lack of an access control check in the External Status Check feature allowed any authenticated... Moderate Unreviewed
CVE-2021-39916 was published Dec 14, 2021
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code... Critical Unreviewed
CVE-2021-44515 was published Dec 13, 2021
Improper Authentication in HashiCorp Nomad High
CVE-2021-43415 was published for github.com/hashicorp/nomad (Go) Dec 10, 2021
A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the... High Unreviewed
CVE-2021-43068 was published Dec 10, 2021
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers... High Unreviewed
CVE-2021-20145 was published Dec 10, 2021
An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of... High Unreviewed
CVE-2021-21955 was published Dec 10, 2021
ManageEngine's OpUtils 12.5.556 and prior allow access to a few audit directories without... Critical Unreviewed
CVE-2021-44514 was published Dec 10, 2021
Potential bypass of an upstream access control based on URL paths in Django High
CVE-2021-44420 was published for Django (pip) Dec 9, 2021
Improper Authentication in Flask-AppBuilder High
CVE-2021-41265 was published for Flask-AppBuilder (pip) Dec 9, 2021
Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an... High Unreviewed
CVE-2021-41311 was published Dec 9, 2021
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira... Moderate Unreviewed
CVE-2021-41309 was published Dec 9, 2021
There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone... High Unreviewed
CVE-2021-37054 was published Dec 9, 2021
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation... High Unreviewed
CVE-2021-37043 was published Dec 8, 2021
There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of... High Unreviewed
CVE-2021-37100 was published Dec 8, 2021
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that... High Unreviewed
CVE-2021-43175 was published Dec 8, 2021
Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable... Critical Unreviewed
CVE-2021-41716 was published Dec 8, 2021
The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be... Critical Unreviewed
CVE-2021-43931 was published Dec 7, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database