GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
879 advisories
MaLion for Windows and Mac 5.0.0 to 5.2.1 allows remote attackers to bypass authentication to...
Critical, Unreviewed: CVE-2017-10817 was published May 13, 2022
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by...
Critical, Unreviewed: CVE-2017-3167 was published May 13, 2022
In Apache httpd 2.2.0 to 2.4.29, when generating an HTTP Digest authentication challenge, the...
Critical, Unreviewed: CVE-2018-1312 was published May 13, 2022
Improper Authentication in Apache CXF
Critical: CVE-2012-0803 was published for org.apache.cxf:cxf (Maven) May 13, 2022
Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior do not...
Critical, Unreviewed: CVE-2018-10603 was published May 13, 2022
An issue was discovered on FiberHome User End Routers Bearing Model Number AN1020-25 which could...
Critical, Unreviewed: CVE-2017-14147 was published May 13, 2022
Contao Does Not Expire Tokens Correctly
Critical: CVE-2019-10643 was published for contao/contao (Composer) May 13, 2022
Moxa Device Server Web Console 5232-N allows remote attackers to bypass authentication, and...
Critical, Unreviewed: CVE-2016-4503 was published May 13, 2022
It was discovered that the Unitrends Backup (UB) before 10.1.0 user interface was exposed to an...
Critical, Unreviewed: CVE-2018-6328 was published May 13, 2022
It was discovered that the api/storage web interface in Unitrends Backup (UB) before 10.0.0 has...
Critical, Unreviewed: CVE-2017-12478 was published May 13, 2022
It was discovered that the bpserverd proprietary protocol in Unitrends Backup (UB) before 10.0.0,...
Critical, Unreviewed: CVE-2017-12477 was published May 13, 2022
A vulnerability exists in Schneider Electric's Pelco Sarix Professional in all firmware versions...
Critical, Unreviewed: CVE-2018-7228 was published May 13, 2022
A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's...
Critical, Unreviewed: CVE-2018-7791 was published May 13, 2022
Authentication bypass vulnerability in portal/account/register.php in versions of OpenEMR before...
Critical, Unreviewed: CVE-2018-15152 was published May 13, 2022
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to...
Critical, Unreviewed: CVE-2013-7137 was published May 13, 2022
An exploitable vulnerability exists in the generation of authentication token functionality of...
Critical, Unreviewed: CVE-2017-2864 was published May 13, 2022
Sysaid – Sysaid System Takeover - An attacker can bypass the authentication process by accessing...
Critical, Unreviewed: CVE-2022-22796 was published May 13, 2022
In multiple Tecson Tankspion and GOKs SmartBox 4 products the affected application doesn't...
Critical, Unreviewed: CVE-2019-12254 was published May 7, 2022
An improper authentication vulnerability has been reported to affect QNAP device running Video...
Critical, Unreviewed: CVE-2021-44056 was published May 6, 2022
An improper authentication vulnerability has been reported to affect QNAP device running Photo...
Critical, Unreviewed: CVE-2021-44057 was published May 6, 2022
Magnolia CMS before 4.5.9 has multiple access bypass vulnerabilities
Critical, Unreviewed: CVE-2013-4621 was published May 5, 2022
Belkin N900 router (F9K1104v1) contains an Authentication Bypass using "Javascript debugging".
Critical, Unreviewed: CVE-2013-3088 was published May 5, 2022
An Authentication Bypass vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34 in...
Critical, Unreviewed: CVE-2013-3072 was published May 5, 2022
An MFA bypass vulnerability exists in the PingFederate PingOne MFA Integration Kit when adapter...
Critical, Unreviewed: CVE-2022-23723 was published May 4, 2022
A misconfiguration of RSA in PingID Windows Login prior to 2.7 is vulnerable to pre-computed...
Critical, Unreviewed: CVE-2021-41992 was published May 3, 2022