GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,161
Erlang
30
GitHub Actions
19
Go
1,966
Maven
5,000+
npm
3,694
NuGet
653
pip
3,311
Pub
11
RubyGems
881
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+
164 advisories
Filter by severity
Authentication Bypass Using an Alternate Path or Channel in Apache Tomcat
Critical
CVE-2016-5018
was published
for
org.apache.tomcat.embed:tomcat-embed-jasper
(Maven)
May 13, 2022
Use of static encryption key material allows forging an authentication token to other users...
High
Unreviewed
CVE-2022-23724
was published
May 5, 2022
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows...
Critical
Unreviewed
CVE-2022-0992
was published
Apr 20, 2022
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service...
High
Unreviewed
CVE-2022-22189
was published
Apr 15, 2022
Navigating to a specific URL with a patient ID number will result in the server generating a PDF...
Moderate
Unreviewed
CVE-2022-1067
was published
Apr 12, 2022
This vulnerability allows remote attackers to bypass authentication on affected installations of...
Critical
Unreviewed
CVE-2022-24047
was published
Feb 19, 2022
The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires...
High
Unreviewed
CVE-2021-33017
was published
Dec 28, 2021
An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any...
Critical
Unreviewed
CVE-2021-43985
was published
Dec 24, 2021
Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication...
Critical
Unreviewed
CVE-2021-27453
was published
Dec 22, 2021
The impacted products, when configured to use SSO, are affected by an improper authentication...
Critical
Unreviewed
CVE-2021-43935
was published
Dec 16, 2021
Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui
High
GHSA-v988-828w-xvf2
was published
for
rucio-webui
(pip)
Oct 22, 2021
Access Control Bypass
Moderate
CVE-2018-20321
was published
for
github.com/rancher/rancher
(Go)
Jun 23, 2021
Authentication bypass in SilverStripe GraphQL
Moderate
CVE-2020-26136
was published
for
silverstripe/graphql
(Composer)
Jun 10, 2021
Internal NCryptDecrypt method could be used externally from WindowsHello library.
Moderate
CVE-2020-11005
was published
for
HaemmerElectronics.SeppPenner.WindowsHello
(NuGet)
Apr 14, 2020
ProTip!
Advisories are also available from the
GraphQL API