Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,285
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,741
NuGet
668
pip
3,422
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

958 advisories

Loading
Missing authentication in ShenYu High
CVE-2022-23945 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
Missing authentication in ShenYu Critical
CVE-2022-23944 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
This vulnerability allows network-adjacent attackers to disclose sensitive information on... Moderate Unreviewed
CVE-2021-34870 was published Jan 26, 2022
USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute... High Unreviewed
CVE-2022-23220 was published Jan 22, 2022
Fresenius Kabi Agilia Link + version 3.0 has a default configuration page accessible without... Moderate Unreviewed
CVE-2021-33843 was published Jan 22, 2022
Improper Access Control in Onionshare Moderate
CVE-2022-21691 was published for onionshare-cli (pip) Jan 21, 2022
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component:... Critical Unreviewed
CVE-2021-35587 was published Jan 20, 2022
The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains... High Unreviewed
CVE-2021-23843 was published Jan 20, 2022
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive,... Critical Unreviewed
CVE-2022-23227 was published Jan 15, 2022
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip... Critical Unreviewed
CVE-2021-28506 was published Jan 15, 2022
Missing Authentication for Critical Function in Apache NiFi High
CVE-2020-9487 was published for org.apache.nifi:nifi (Maven) Jan 6, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent... Moderate Unreviewed
CVE-2021-20152 was published Dec 31, 2021
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces... Critical Unreviewed
CVE-2021-45232 was published Dec 28, 2021
In setPackageStoppedState of PackageManagerService.java, there is a missing permission check.... Moderate Unreviewed
CVE-2021-1011 was published Dec 16, 2021
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise... Critical Unreviewed
CVE-2021-36888 was published Dec 16, 2021
An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not... Critical Unreviewed
CVE-2021-44152 was published Dec 14, 2021
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an... Critical Unreviewed
CVE-2021-22279 was published Dec 14, 2021
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require... High Unreviewed
CVE-2021-34543 was published Dec 8, 2021
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download... High Unreviewed
CVE-2021-38147 was published Nov 30, 2021
Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR... Critical Unreviewed
CVE-2021-42783 was published Nov 24, 2021
Authentication bypass issue in the Operator Console High
CVE-2021-41266 was published for github.com/minio/console (Go) Nov 15, 2021
Alevsk
Basic auth bypass in esphome High
CVE-2021-41104 was published for esphome (pip) Sep 29, 2021
andir
Missing Authorization in Apache Airflow Moderate
CVE-2021-35936 was published for apache-airflow (pip) Aug 30, 2021
sunSUNQ
XStream is vulnerable to a Remote Command Execution attack High
CVE-2021-39144 was published for com.thoughtworks.xstream:xstream (Maven) Aug 25, 2021
Missing Authentication for Critical Function in Saleor Moderate
CVE-2020-7964 was published for saleor (pip) Jul 28, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database