GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,787
Composer 4,248
Erlang 31
GitHub Actions 21
Go 2,016
Maven 5,202
npm 3,721
NuGet 662
pip 3,400
Pub 11
RubyGems 890
Rust 852
Swift 36

Unreviewed advisories

All unreviewed 236,241

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

786 advisories

Filter by severity

Sort by

Least recently updated

On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote... Critical Unreviewed

CVE-2022-25359 was published Feb 27, 2022

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. Critical Unreviewed

CVE-2022-24331 was published Feb 26, 2022

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. Critical Unreviewed

CVE-2022-25262 was published Feb 26, 2022

Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74,... Critical Unreviewed

CVE-2022-21142 was published Feb 25, 2022

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... Critical Unreviewed

CVE-2022-21196 was published Feb 19, 2022

This vulnerability allows remote attackers to bypass authentication on affected installations of... Critical Unreviewed

CVE-2022-24047 was published Feb 19, 2022

Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus,... Critical Unreviewed

CVE-2021-29655 was published Feb 19, 2022

Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication... Critical Unreviewed

CVE-2022-24976 was published Feb 15, 2022

** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by arbitrary file... Critical Unreviewed

CVE-2021-45420 was published Feb 15, 2022

Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms... Critical Unreviewed

CVE-2021-4201 was published Feb 15, 2022

The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the ... Critical Unreviewed

CVE-2021-44736 was published Feb 12, 2022

An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo... Critical Unreviewed

CVE-2021-38679 was published Feb 12, 2022

Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious... Critical Unreviewed

CVE-2021-31932 was published Feb 12, 2022

An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows... Critical Unreviewed

CVE-2022-24259 was published Feb 10, 2022

The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user... Critical Unreviewed

CVE-2021-28503 was published Feb 10, 2022

Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows... Critical Unreviewed

CVE-2021-29396 was published Feb 9, 2022

In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early... Critical Unreviewed

CVE-2021-45079 was published Feb 8, 2022

An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a... Critical Unreviewed

CVE-2022-22831 was published Feb 8, 2022

Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05... Critical Unreviewed

CVE-2021-44971 was published Jan 29, 2022

An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink... Critical Unreviewed

CVE-2021-40404 was published Jan 29, 2022

An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An authentication... Critical Unreviewed

CVE-2022-23855 was published Jan 25, 2022

TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open... Critical Unreviewed

CVE-2022-23126 was published Jan 25, 2022

Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an... Critical Unreviewed

CVE-2021-43394 was published Jan 25, 2022

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security... Critical Unreviewed

CVE-2020-4879 was published Jan 22, 2022

The web application on Agilia Link+ version 3.0 implements authentication and session management... Critical Unreviewed

CVE-2021-23196 was published Jan 22, 2022

Previous 1 2 … 28 29 30 31 32 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

786 advisories