GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
321 advisories
A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could...
Moderate
Unreviewed
CVE-2021-1499
was published
May 24, 2022
Fresenius Kabi Agilia Link + version 3.0 has a default configuration page accessible without...
Moderate
Unreviewed
CVE-2021-33843
was published
Jan 22, 2022
Multiple vulnerabilities in Cisco Application Services Engine could allow an unauthenticated,...
Moderate
Unreviewed
CVE-2021-1396
was published
May 24, 2022
There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone....
Moderate
Unreviewed
CVE-2021-22316
was published
May 24, 2022
White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The...
Moderate
Unreviewed
CVE-2020-20472
was published
May 24, 2022
Missing message authentication in the meta-protocol in Tinc VPN version 1.0.34 and earlier allows...
Moderate
Unreviewed
CVE-2018-16758
was published
May 13, 2022
An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n...
Moderate
Unreviewed
CVE-2020-21936
was published
May 24, 2022
A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1...
Moderate
Unreviewed
CVE-2021-22784
was published
May 24, 2022
Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to...
Moderate
Unreviewed
CVE-2021-31868
was published
May 24, 2022
A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing...
Moderate
Unreviewed
CVE-2019-10941
was published
May 24, 2022
Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker...
Moderate
Unreviewed
CVE-2021-39879
was published
May 24, 2022
The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote...
Moderate
Unreviewed
CVE-2019-8449
was published
May 24, 2022
ZKTeco BioTime 8.5.4 is missing authentication on folders containing employee photos, allowing an...
Moderate
Unreviewed
CVE-2022-30515
was published
Nov 9, 2022
IBM Robotic Process Automation with Automation Anywhere 11 could allow an attacker to obtain...
Moderate
Unreviewed
CVE-2019-4337
was published
May 24, 2022
Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on...
Moderate
Unreviewed
CVE-2020-6294
was published
May 24, 2022
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and...
Moderate
Unreviewed
CVE-2022-0424
was published
May 10, 2022
On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to...
Moderate
Unreviewed
CVE-2022-27495
was published
May 6, 2022
Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the...
Moderate
Unreviewed
CVE-2021-41568
was published
May 24, 2022
Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers...
Moderate
Unreviewed
CVE-2021-41976
was published
May 24, 2022
Missing Authentication for Critical Function in LibreNMS
Moderate
CVE-2019-10668
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for...
Moderate
Unreviewed
CVE-2014-2590
was published
May 13, 2022
A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4...
Moderate
Unreviewed
CVE-2022-42473
was published
Nov 2, 2022
IBM Security Identity Governance and Intelligence 5.2.3.2 and 5.2.4 could allow an attacker to...
Moderate
Unreviewed
CVE-2018-1757
was published
May 13, 2022
Missing Authentication for Critical Function in Saleor
Moderate
CVE-2020-7964
was published
for
saleor
(pip)
Jul 28, 2021
Automatic room upgrade handling can be used maliciously to bridge a room non-consensually
Moderate
CVE-2021-32659
was published
for
matrix-appservice-bridge
(npm)
Jun 21, 2021