GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 20
Go: 2,000
Maven: 5,000+
npm: 3,711
NuGet: 661
pip: 3,383
Pub: 11
RubyGems: 885
Rust: 849
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
1,422 advisories
This vulnerability allows network-adjacent attackers to bypass authentication on affected...
High | Unreviewed | CVE-2021-34977 was published Jan 14, 2022

A limited authentication bypass vulnerability was discovered that could allow an attacker to...
High | Unreviewed | CVE-2022-22990 was published Jan 14, 2022

The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue,...
High | Unreviewed | CVE-2021-25036 was published Jan 18, 2022

SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerability, that allows attackers...
High | Unreviewed | CVE-2021-38696 was published Jan 19, 2022

USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute...
High | Unreviewed | CVE-2022-23220 was published Jan 22, 2022

This vulnerability allows network-adjacent attackers to bypass authentication on affected...
High | Unreviewed | CVE-2021-34865 was published Jan 26, 2022

TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication...
High | Unreviewed | CVE-2021-45735 was published Feb 5, 2022

An authenticated and authorized agent user could potentially gain administrative access via an...
High | Unreviewed | CVE-2022-0366 was published Feb 8, 2022

A denial of service vulnerability exists in the SeaMax remote configuration functionality of...
High | Unreviewed | CVE-2021-21965 was published Feb 10, 2022

A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel...
High | Unreviewed | CVE-2021-21964 was published Feb 10, 2022

A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution...
High | Unreviewed | CVE-2021-22796 was published Feb 12, 2022

Improper validation of program headers containing ELF metadata can lead to image verification...
High | Unreviewed | CVE-2021-30317 was published Feb 12, 2022

StarWind SAN and NAS before 0.2 build 1685 allows users to reset other users' passwords.
High | Unreviewed | CVE-2022-24551 was published Feb 12, 2022

An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass...
High | Unreviewed | CVE-2021-45347 was published Feb 15, 2022

Improper Authentication in Apache Guacamole
High | Unreviewed | CVE-2021-43999 was published Feb 15, 2022

Authentication bypass by capture-replay in github.com/cosmos/ethermint
High | CVE-2021-25834 was published for github.com/cosmos/ethermint (Go) Feb 15, 2022

Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server
High | CVE-2021-21403 was published for github.com/kongchuanhujiao/server (Go) Feb 15, 2022

Access Restriction Bypass in go-ldap
High | CVE-2017-14623 was published for github.com/go-ldap/ldap (Go) Feb 15, 2022

Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to...
High | Unreviewed | CVE-2022-24985 was published Feb 17, 2022

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos...
High | Unreviewed | CVE-2020-25719 was published Feb 19, 2022

Unauthenticated control plane denial of service attack in Istio
High | CVE-2022-23635 was published for istio.io/istio (Go) Feb 23, 2022

Improper Authentication in Capsule Proxy
High | CVE-2022-23652 was published for github.com/clastix/capsule-proxy (Go) Feb 23, 2022

In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual...
High | Unreviewed | CVE-2022-25640 was published Feb 25, 2022

Improper Access Control in GitHub repository zulip/zulip prior to 4.10.
High | Unreviewed | CVE-2021-3967 was published Feb 28, 2022

When the device is in factory state, it can be access the shell without adb authentication...
High | Unreviewed | CVE-2022-23729 was published Mar 5, 2022

ProTip! Advisories are also available from the GraphQL API.