GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,162
Erlang
30
GitHub Actions
19
Go
1,966
Maven
5,000+
npm
3,694
NuGet
653
pip
3,311
Pub
11
RubyGems
881
Rust
831
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
148 advisories
Filter by severity
The impacted products, when configured to use SSO, are affected by an improper authentication...
Critical
Unreviewed
CVE-2021-43935
was published
Dec 16, 2021
Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication...
Critical
Unreviewed
CVE-2021-27453
was published
Dec 22, 2021
An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any...
Critical
Unreviewed
CVE-2021-43985
was published
Dec 24, 2021
The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires...
High
Unreviewed
CVE-2021-33017
was published
Dec 28, 2021
This vulnerability allows remote attackers to bypass authentication on affected installations of...
Critical
Unreviewed
CVE-2022-24047
was published
Feb 19, 2022
Navigating to a specific URL with a patient ID number will result in the server generating a PDF...
Moderate
Unreviewed
CVE-2022-1067
was published
Apr 12, 2022
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service...
High
Unreviewed
CVE-2022-22189
was published
Apr 15, 2022
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows...
Critical
Unreviewed
CVE-2022-0992
was published
Apr 20, 2022
Use of static encryption key material allows forging an authentication token to other users...
High
Unreviewed
CVE-2022-23724
was published
May 5, 2022
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster...
High
Unreviewed
CVE-2018-10841
was published
May 13, 2022
Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions...
Moderate
Unreviewed
CVE-2021-32958
was published
May 24, 2022
Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to...
High
Unreviewed
CVE-2019-13526
was published
May 24, 2022
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability....
Critical
Unreviewed
CVE-2019-3758
was published
May 24, 2022
This vulnerability allows network-adjacent attackers to bypass authentication on affected...
Moderate
Unreviewed
CVE-2020-15633
was published
May 24, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on...
Moderate
Unreviewed
CVE-2020-17409
was published
May 24, 2022
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote...
Critical
Unreviewed
CVE-2020-10148
was published
May 24, 2022
This vulnerability allows network-adjacent attackers to bypass authentication on affected...
High
Unreviewed
CVE-2020-27866
was published
May 24, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on...
Moderate
Unreviewed
CVE-2020-27863
was published
May 24, 2022
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected...
High
Unreviewed
CVE-2020-27865
was published
May 24, 2022
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new...
Critical
Unreviewed
CVE-2021-32967
was published
May 24, 2022
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated...
Critical
Unreviewed
CVE-2021-41292
was published
May 24, 2022
Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an...
Critical
Unreviewed
CVE-2021-36308
was published
May 24, 2022
SQL injection and file upload attacks are possible due to insufficient validation of input values...
Critical
Unreviewed
CVE-2021-26634
was published
Jun 3, 2022
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's...
High
Unreviewed
CVE-2021-35530
was published
Jun 8, 2022
PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry...
Moderate
Unreviewed
CVE-2022-23725
was published
Jul 1, 2022
ProTip!
Advisories are also available from the
GraphQL API