Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,750
Erlang
35
GitHub Actions
29
Go
2,323
Maven
5,000+
npm
3,956
NuGet
712
pip
3,739
Pub
12
RubyGems
921
Rust
973
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,795 advisories

Loading
Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical... Moderate Unreviewed
CVE-2022-25832 was published Apr 12, 2022
Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get... Low Unreviewed
CVE-2022-25833 was published Apr 12, 2022
The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings... Critical Unreviewed
CVE-2021-46742 was published Apr 12, 2022
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin... Critical Unreviewed
CVE-2021-44526 was published Dec 24, 2021
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24... Critical Unreviewed
CVE-2021-45509 was published Dec 27, 2021
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6... High Unreviewed
CVE-2021-45503 was published Dec 27, 2021
Certain NETGEAR devices are affected by authentication bypass. This affects CBR750 before 4.6.3.6... High Unreviewed
CVE-2021-45502 was published Dec 27, 2021
Certain NETGEAR devices are affected by authentication bypass. This affects CBR40 before 2.5.0.24... Critical Unreviewed
CVE-2021-45507 was published Dec 27, 2021
Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows... Critical Unreviewed
CVE-2021-29396 was published Feb 9, 2022
NETGEAR D7000 devices before 1.0.1.82 are affected by authentication bypass. Critical Unreviewed
CVE-2021-45497 was published Dec 27, 2021
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC)... Critical Unreviewed
CVE-2022-20695 was published Apr 16, 2022
NETGEAR R6700v2 devices before 1.2.0.88 are affected by authentication bypass. Critical Unreviewed
CVE-2021-45498 was published Dec 27, 2021
The device authentication service module has a defect vulnerability introduced in the design... High Unreviewed
CVE-2021-46740 was published Apr 12, 2022
ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via ... Critical Unreviewed
CVE-2022-25226 was published Apr 19, 2022
Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious... Critical Unreviewed
CVE-2021-31932 was published Feb 12, 2022
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated... Moderate Unreviewed
CVE-2021-43950 was published Feb 16, 2022
Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus,... Critical Unreviewed
CVE-2021-29655 was published Feb 19, 2022
The slapi_printmessage function in IBM Tivoli Directory Server (ITDS) before 6.0.0.8-TIV-ITDS... Moderate Unreviewed
CVE-2010-2927 was published May 17, 2022
A vulnerability within the authentication process of Abacus ERP allows a remote attacker to... High Unreviewed
CVE-2022-1065 was published Apr 20, 2022
Argo CD will blindly trust JWT claims if anonymous access is enabled Critical
CVE-2022-29165 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1... Moderate Unreviewed
CVE-2010-2940 was published May 17, 2022
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE... Critical Unreviewed
CVE-2022-22955 was published Apr 14, 2022
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication... High Unreviewed
CVE-2021-45735 was published Feb 5, 2022
Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9... Critical Unreviewed
CVE-2021-44757 was published Jan 19, 2022
Real-time image information exposure is caused by insufficient authentication for activated RTSP... High Unreviewed
CVE-2021-26627 was published Apr 20, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database