GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,778
Erlang: 36
GitHub Actions: 29
Go: 2,336
Maven: 5,000+
npm: 3,969
NuGet: 713
pip: 3,767
Pub: 12
RubyGems: 923
Rust: 976
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
3,344 advisories
Improper authentication in Veeam Backup & Replication 9.5U3, 9.5U4, 10.x and 11.x component used...
Severity: High. Unreviewed. CVE-2022-26504 was published Mar 18, 2022.
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid"...
Severity: Critical. Unreviewed. CVE-2021-45786 was published Mar 17, 2022.
** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key...
Severity: Low. Unreviewed. CVE-2021-36368 was published Mar 14, 2022.
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. It mishandles software updates...
Severity: High. Unreviewed. CVE-2021-41848 was published Mar 13, 2022.
CAMS for HIS Server contained in the following Yokogawa Electric products improperly authenticate...
Severity: High. Unreviewed. CVE-2022-22729 was published Mar 12, 2022.
otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated...
Severity: High. Unreviewed. CVE-2021-40376 was published Mar 11, 2022.
TP-Link Omada SDN Software Controller before 5.0.15 does not check if the authentication method...
Severity: High. Unreviewed. CVE-2021-44032 was published Mar 11, 2022.
YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user...
Severity: Critical. Unreviewed. CVE-2022-23383 was published Mar 11, 2022.
Acer QuickAccess 2.01.300x before 2.01.3030 and 3.00.30xx before 3.00.3038 contains a local...
Severity: High. Unreviewed. CVE-2022-24286 was published Mar 11, 2022.
Acer Care Center 4.00.30xx before 4.00.3042 contains a local privilege escalation vulnerability....
Severity: High. Unreviewed. CVE-2022-24285 was published Mar 11, 2022.
Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1...
Severity: Moderate. Unreviewed. CVE-2022-25816 was published Mar 11, 2022.
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to...
Severity: Low. Unreviewed. CVE-2022-25817 was published Mar 11, 2022.
Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows...
Severity: Moderate. Unreviewed. CVE-2022-25825 was published Mar 11, 2022.
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to...
Severity: Critical. Unreviewed. CVE-2022-0715 was published Mar 10, 2022.
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.12.5.
Severity: Moderate. Unreviewed. CVE-2022-0755 was published Mar 8, 2022.
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
Severity: Critical. Unreviewed. CVE-2022-0730 was published Mar 5, 2022.
When the device is in factory state, it can be access the shell without adb authentication...
Severity: High. Unreviewed. CVE-2022-23729 was published Mar 5, 2022.
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a...
Severity: Moderate. Unreviewed. CVE-2022-23232 was published Mar 5, 2022.
The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access...
Severity: Moderate. Unreviewed. CVE-2022-23849 was published Mar 4, 2022.
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to...
Severity: Critical. Unreviewed. CVE-2021-36166 was published Mar 2, 2022.
Improper Access Control in GitHub repository zulip/zulip prior to 4.10.
Severity: High. Unreviewed. CVE-2021-3967 was published Feb 28, 2022.
On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote...
Severity: Critical. Unreviewed. CVE-2022-25359 was published Feb 27, 2022.
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
Severity: Critical. Unreviewed. CVE-2022-24331 was published Feb 26, 2022.
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
Severity: Critical. Unreviewed. CVE-2022-25262 was published Feb 26, 2022.
Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74,...
Severity: Critical. Unreviewed. CVE-2022-21142 was published Feb 25, 2022.
ProTip! Advisories are also available from the GraphQL API.