GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,248
Erlang: 31
GitHub Actions: 21
Go: 2,016
Maven: 5,000+
npm: 3,721
NuGet: 662
pip: 3,400
Pub: 11
RubyGems: 890
Rust: 852
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
786 advisories
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not...
Critical | Unreviewed | CVE-2018-10603 was published May 13, 2022
An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could...
Critical | Unreviewed | CVE-2017-14147 was published May 13, 2022
Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and...
Critical | Unreviewed | CVE-2016-4503 was published May 13, 2022
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an...
Critical | Unreviewed | CVE-2018-6328 was published May 13, 2022
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0,...
Critical | Unreviewed | CVE-2017-12477 was published May 13, 2022
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has...
Critical | Unreviewed | CVE-2017-12478 was published May 13, 2022
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical | Unreviewed | CVE-2018-7228 was published May 13, 2022
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's...
Critical | Unreviewed | CVE-2018-7791 was published May 13, 2022
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before...
Critical | Unreviewed | CVE-2018-15152 was published May 13, 2022
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to...
Critical | Unreviewed | CVE-2013-7137 was published May 13, 2022
An exploitable vulnerability exists in the generation of authentication token functionality of...
Critical | Unreviewed | CVE-2017-2864 was published May 13, 2022
Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing...
Critical | Unreviewed | CVE-2022-22796 was published May 13, 2022
In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn't...
Critical | Unreviewed | CVE-2019-12254 was published May 7, 2022
An improper authentication vulnerability has been reported to affect QNAP device running Video...
Critical | Unreviewed | CVE-2021-44056 was published May 6, 2022
An improper authentication vulnerability has been reported to affect QNAP device running Photo...
Critical | Unreviewed | CVE-2021-44057 was published May 6, 2022
Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging".
Critical | Unreviewed | CVE-2013-3088 was published May 5, 2022
Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities
Critical | Unreviewed | CVE-2013-4621 was published May 5, 2022
An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in...
Critical | Unreviewed | CVE-2013-3072 was published May 5, 2022
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter...
Critical | Unreviewed | CVE-2022-23723 was published May 4, 2022
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed...
Critical | Unreviewed | CVE-2021-41992 was published May 3, 2022
Dataprobe iBootBar (with 2007-09-20 and possibly later beta firmware) allows remote attackers to...
Critical | Unreviewed | CVE-2007-6760 was published May 1, 2022
Dataprobe iBootBar (with 2007-09-20 and possibly later released firmware) allows remote attackers...
Critical | Unreviewed | CVE-2007-6759 was published May 1, 2022
The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a...
Critical | Unreviewed | CVE-2012-10001 was published Apr 23, 2022
The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers...
Critical | Unreviewed | CVE-2012-2714 was published Apr 23, 2022
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan...
Critical | Unreviewed | CVE-2021-3897 was published Apr 23, 2022
ProTip! Advisories are also available from the GraphQL API.