GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,810 advisories
Access Restriction Bypass in go-ldap (High): CVE-2017-14623 was published for github.com/go-ldap/ldap (Go), Feb 15, 2022
Authentication bypass by capture-replay in github.com/cosmos/ethermint (High): CVE-2021-25834 was published for github.com/cosmos/ethermint (Go), Feb 15, 2022
Grafana Authentication Bypass (Critical): CVE-2018-15727 was published for github.com/grafana/grafana (Go), Feb 15, 2022
Authentication Bypass by Primary Weakness in github.com/kongchuanhujiao/server (High): CVE-2021-21403 was published for github.com/kongchuanhujiao/server (Go), Feb 15, 2022
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated... (Moderate, Unreviewed): CVE-2021-43950 was published Feb 16, 2022
Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to... (High, Unreviewed): CVE-2022-24985 was published Feb 17, 2022
An authorization bypass exploited by a user-controlled key in SpecificApps REST API in... (Moderate, Unreviewed): CVE-2021-46249 was published Feb 17, 2022
Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus,... (Critical, Unreviewed): CVE-2021-29655 was published Feb 19, 2022
This vulnerability allows remote attackers to bypass authentication on affected installations of... (Critical, Unreviewed): CVE-2022-24047 was published Feb 19, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... (Critical, Unreviewed): CVE-2022-21196 was published Feb 19, 2022
A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos... (High, Unreviewed): CVE-2020-25719 was published Feb 19, 2022
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this... (Moderate, Unreviewed): CVE-2016-2124 was published Feb 19, 2022
Unauthenticated control plane denial of service attack in Istio (High): CVE-2022-23635 was published for istio.io/istio (Go), Feb 23, 2022
Improper Authentication in Capsule Proxy (High): CVE-2022-23652 was published for github.com/clastix/capsule-proxy (Go), Feb 23, 2022
The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST... (Moderate, Unreviewed): CVE-2020-14504 was published Feb 25, 2022
In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual... (High, Unreviewed): CVE-2022-25640 was published Feb 25, 2022
Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74,... (Critical, Unreviewed): CVE-2022-21142 was published Feb 25, 2022
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. (Critical, Unreviewed): CVE-2022-25262 was published Feb 26, 2022
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. (Critical, Unreviewed): CVE-2022-24331 was published Feb 26, 2022
On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote... (Critical, Unreviewed): CVE-2022-25359 was published Feb 27, 2022
Improper Access Control in GitHub repository zulip/zulip prior to 4.10. (High, Unreviewed): CVE-2021-3967 was published Feb 28, 2022
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to... (Critical, Unreviewed): CVE-2021-36166 was published Mar 2, 2022
The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access... (Moderate, Unreviewed): CVE-2022-23849 was published Mar 4, 2022
Remote code execution in net.mingsoft:ms-mcms (Critical): CVE-2021-46384 was published for net.mingsoft:ms-mcms (Maven), Mar 5, 2022
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a... (Moderate, Unreviewed): CVE-2022-23232 was published Mar 5, 2022