GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
101
GitHub Actions
54
Go
4,282
Maven
5,000+
npm
5,000+
NuGet
1,029
pip
5,000+
Pub
13
RubyGems
1,105
Rust
1,490
Swift
61
Unreviewed advisories
All unreviewed
5,000+
544 advisories
Filter by severity
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus...
High
Unreviewed
CVE-2022-47578
was published
Dec 20, 2022
Unauthorized access to Gateway user capabilities
Critical
Unreviewed
CVE-2022-27510
was published
Nov 9, 2022
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
High
CVE-2022-36093
was published
for
org.xwiki.platform:xwiki-platform-web
(Maven)
Sep 16, 2022
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service...
High
Unreviewed
CVE-2022-2031
was published
Aug 26, 2022
This vulnerability allows remote attackers to bypass authentication on affected installations of...
Critical
Unreviewed
CVE-2022-35869
was published
Jul 26, 2022
PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service...
Moderate
Unreviewed
CVE-2022-23719
was published
Jul 1, 2022
PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry...
Moderate
Unreviewed
CVE-2022-23725
was published
Jul 1, 2022
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's...
High
Unreviewed
CVE-2021-35530
was published
Jun 8, 2022
Missing Role Based Access Control for the REST handlers in bleve/http package
Moderate
CVE-2022-31022
was published
for
github.com/blevesearch/bleve
(Go)
Jun 3, 2022
SQL injection and file upload attacks are possible due to insufficient validation of input values...
Critical
Unreviewed
CVE-2021-26634
was published
Jun 3, 2022
Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an...
Critical
Unreviewed
CVE-2021-36308
was published
May 24, 2022
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated...
Critical
Unreviewed
CVE-2021-41292
was published
May 24, 2022
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new...
Critical
Unreviewed
CVE-2021-32967
was published
May 24, 2022
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected...
High
Unreviewed
CVE-2020-27865
was published
May 24, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on...
Moderate
Unreviewed
CVE-2020-27863
was published
May 24, 2022
This vulnerability allows network-adjacent attackers to bypass authentication on affected...
High
Unreviewed
CVE-2020-27866
was published
May 24, 2022
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote...
Critical
Unreviewed
CVE-2020-10148
was published
May 24, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on...
Moderate
Unreviewed
CVE-2020-17409
was published
May 24, 2022
This vulnerability allows network-adjacent attackers to bypass authentication on affected...
Moderate
Unreviewed
CVE-2020-15633
was published
May 24, 2022
In Philips Ultrasound ClearVue Versions 3.2 and prior, Ultrasound CX Versions 5.0.2 and prior,...
Low
Unreviewed
CVE-2020-14477
was published
May 24, 2022
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability....
Critical
Unreviewed
CVE-2019-3758
was published
May 24, 2022
Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to...
High
Unreviewed
CVE-2019-13526
was published
May 24, 2022
Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions...
Moderate
Unreviewed
CVE-2021-32958
was published
May 24, 2022
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security
Moderate
CVE-2010-3700
was published
for
org.acegisecurity:acegi-security
(Maven)
May 14, 2022
An Authentication Bypass issue was discovered in Geutebruck IP Camera G-Cam/EFD-2250 Version 1.11...
Critical
Unreviewed
CVE-2017-5174
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API