Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,223
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,705
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,030 advisories

Loading
A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could... Moderate Unreviewed
CVE-2021-40130 was published Nov 20, 2021
IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the... Moderate Unreviewed
CVE-2021-29779 was published Dec 2, 2021
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira... Moderate Unreviewed
CVE-2021-41309 was published Dec 9, 2021
Lack of an access control check in the External Status Check feature allowed any authenticated... Moderate Unreviewed
CVE-2021-39916 was published Dec 14, 2021
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for... Moderate Unreviewed
CVE-2021-44848 was published Dec 14, 2021
Sysaid API User Enumeration - Attacker sending requests to specific api path without any... Moderate Unreviewed
CVE-2021-36721 was published Dec 15, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from... Moderate Unreviewed
CVE-2021-20150 was published Dec 31, 2021
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers... Moderate Unreviewed
CVE-2021-43946 was published Jan 6, 2022
Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to... Moderate Unreviewed
CVE-2022-22289 was published Jan 11, 2022
Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to... Moderate Unreviewed
CVE-2022-22284 was published Jan 11, 2022
Fresenius Kabi Agilia Link + version 3.0 has a default configuration page accessible without... Moderate Unreviewed
CVE-2021-33843 was published Jan 22, 2022
Hitachi Energy LinkOne product, has a vulnerability due to a web server misconfiguration, that... Moderate Unreviewed
CVE-2021-40338 was published Jan 29, 2022
After the initial setup process, some steps of setup.php file are reachable not only by super... Moderate Unreviewed
CVE-2022-23134 was published Feb 9, 2022
Microsoft SharePoint Server Security Feature BypassVulnerability. Moderate Unreviewed
CVE-2022-21968 was published Feb 10, 2022
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated... Moderate Unreviewed
CVE-2021-43950 was published Feb 16, 2022
An authorization bypass exploited by a user-controlled key in SpecificApps REST API in... Moderate Unreviewed
CVE-2021-46249 was published Feb 17, 2022
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this... Moderate Unreviewed
CVE-2016-2124 was published Feb 19, 2022
The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST... Moderate Unreviewed
CVE-2020-14504 was published Feb 25, 2022
The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access... Moderate Unreviewed
CVE-2022-23849 was published Mar 4, 2022
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a... Moderate Unreviewed
CVE-2022-23232 was published Mar 5, 2022
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.12.5. Moderate Unreviewed
CVE-2022-0755 was published Mar 8, 2022
Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows... Moderate Unreviewed
CVE-2022-25825 was published Mar 11, 2022
Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1... Moderate Unreviewed
CVE-2022-25816 was published Mar 11, 2022
A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise... Moderate Unreviewed
CVE-2022-0862 was published Mar 24, 2022
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4,... Moderate Unreviewed
CVE-2021-4191 was published Mar 29, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database