GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
879 advisories
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication...
Critical, Unreviewed. CVE-2022-0547 was published Mar 19, 2022

In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid"...
Critical, Unreviewed. CVE-2021-45786 was published Mar 17, 2022

YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user...
Critical, Unreviewed. CVE-2022-23383 was published Mar 11, 2022

A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to...
Critical, Unreviewed. CVE-2022-0715 was published Mar 10, 2022

Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
Critical, Unreviewed. CVE-2022-0730 was published Mar 5, 2022

Remote code execution in net.mingsoft:ms-mcms
Critical. CVE-2021-46384 was published for net.mingsoft:ms-mcms (Maven) Mar 5, 2022

An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to...
Critical, Unreviewed. CVE-2021-36166 was published Mar 2, 2022

On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote...
Critical, Unreviewed. CVE-2022-25359 was published Feb 27, 2022

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
Critical, Unreviewed. CVE-2022-24331 was published Feb 26, 2022

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
Critical, Unreviewed. CVE-2022-25262 was published Feb 26, 2022

Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74,...
Critical, Unreviewed. CVE-2022-21142 was published Feb 25, 2022

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
Critical, Unreviewed. CVE-2022-21196 was published Feb 19, 2022

This vulnerability allows remote attackers to bypass authentication on affected installations of...
Critical, Unreviewed. CVE-2022-24047 was published Feb 19, 2022

Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus,...
Critical, Unreviewed. CVE-2021-29655 was published Feb 19, 2022

Grafana Authentication Bypass
Critical. CVE-2018-15727 was published for github.com/grafana/grafana (Go) Feb 15, 2022

Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication...
Critical, Unreviewed. CVE-2022-24976 was published Feb 15, 2022

** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by arbitrary file...
Critical, Unreviewed. CVE-2021-45420 was published Feb 15, 2022

Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms...
Critical, Unreviewed. CVE-2021-4201 was published Feb 15, 2022

The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the ...
Critical, Unreviewed. CVE-2021-44736 was published Feb 12, 2022

An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo...
Critical, Unreviewed. CVE-2021-38679 was published Feb 12, 2022

Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious...
Critical, Unreviewed. CVE-2021-31932 was published Feb 12, 2022

Improper Authentication in Apache Spark
Critical. CVE-2020-9480 was published for org.apache.spark:spark-parent_2.11 (Maven) Feb 10, 2022

An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows...
Critical, Unreviewed. CVE-2022-24259 was published Feb 10, 2022

The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user...
Critical, Unreviewed. CVE-2021-28503 was published Feb 10, 2022

Reuse of one time passwords allowed in Gitea
Critical. CVE-2021-45331 was published for code.gitea.io/gitea (Go) Feb 10, 2022