GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
3,146 advisories
Filter by severity
A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could...
Moderate
Unreviewed
CVE-2021-40130
was published
Nov 20, 2021
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and...
Critical
Unreviewed
CVE-2021-44077
was published
Nov 30, 2021
IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the...
Moderate
Unreviewed
CVE-2021-29779
was published
Dec 2, 2021
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and...
High
Unreviewed
CVE-2021-20861
was published
Dec 2, 2021
The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be...
Critical
Unreviewed
CVE-2021-43931
was published
Dec 7, 2021
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic...
Critical
Unreviewed
CVE-2021-39890
was published
Dec 7, 2021
Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable...
Critical
Unreviewed
CVE-2021-41716
was published
Dec 8, 2021
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that...
High
Unreviewed
CVE-2021-43175
was published
Dec 8, 2021
There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of...
High
Unreviewed
CVE-2021-37100
was published
Dec 8, 2021
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation...
High
Unreviewed
CVE-2021-37043
was published
Dec 8, 2021
There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone...
High
Unreviewed
CVE-2021-37054
was published
Dec 9, 2021
Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an...
High
Unreviewed
CVE-2021-41311
was published
Dec 9, 2021
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira...
Moderate
Unreviewed
CVE-2021-41309
was published
Dec 9, 2021
ManageEngine's OpUtils 12.5.556 and prior allow access to a few audit directories without...
Critical
Unreviewed
CVE-2021-44514
was published
Dec 10, 2021
An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of...
High
Unreviewed
CVE-2021-21955
was published
Dec 10, 2021
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers...
High
Unreviewed
CVE-2021-20145
was published
Dec 10, 2021
A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the...
High
Unreviewed
CVE-2021-43068
was published
Dec 10, 2021
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code...
Critical
Unreviewed
CVE-2021-44515
was published
Dec 13, 2021
Lack of an access control check in the External Status Check feature allowed any authenticated...
Moderate
Unreviewed
CVE-2021-39916
was published
Dec 14, 2021
An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not...
Critical
Unreviewed
CVE-2021-44152
was published
Dec 14, 2021
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the ...
High
Unreviewed
CVE-2021-40856
was published
Dec 14, 2021
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for...
Moderate
Unreviewed
CVE-2021-44848
was published
Dec 14, 2021
The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as...
Critical
Unreviewed
CVE-2021-4073
was published
Dec 15, 2021
glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php.
Critical
Unreviewed
CVE-2021-44949
was published
Dec 15, 2021
ProTip!
Advisories are also available from the
GraphQL API