Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,768
Erlang
35
GitHub Actions
29
Go
2,332
Maven
5,000+
npm
3,965
NuGet
713
pip
3,748
Pub
12
RubyGems
921
Rust
975
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,805 advisories

Loading
Some Dahua products have access control vulnerability in the password reset process. Attackers... Critical Unreviewed
CVE-2021-33046 was published Jan 14, 2022
An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web... Critical Unreviewed
CVE-2022-23178 was published Jan 16, 2022
The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue,... High Unreviewed
CVE-2021-25036 was published Jan 18, 2022
SoftVibe SARABAN for INFOMA 1.1 has Incorrect Access Control vulnerability, that allows attackers... High Unreviewed
CVE-2021-38696 was published Jan 19, 2022
An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable... Critical Unreviewed
CVE-2021-22566 was published Jan 19, 2022
Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9... Critical Unreviewed
CVE-2021-44757 was published Jan 19, 2022
Improper Access Control in Onionshare Moderate
CVE-2022-21695 was published for onionshare-cli (pip) Jan 21, 2022
Improper Access Control in Onionshare Moderate
CVE-2022-21692 was published for onionshare-cli (pip) Jan 21, 2022
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 allows user input to... Critical Unreviewed
CVE-2021-43355 was published Jan 22, 2022
Fresenius Kabi Agilia Link + version 3.0 has a default configuration page accessible without... Moderate Unreviewed
CVE-2021-33843 was published Jan 22, 2022
The web application on Agilia Link+ version 3.0 implements authentication and session management... Critical Unreviewed
CVE-2021-23196 was published Jan 22, 2022
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could allow a remote attacker to bypass security... Critical Unreviewed
CVE-2020-4879 was published Jan 22, 2022
USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute... High Unreviewed
CVE-2022-23220 was published Jan 22, 2022
Unisys OS 2200 Messaging Integration Services (NTSI) 7R3B IC3 and IC4, 7R3C, and 7R3D has an... Critical Unreviewed
CVE-2021-43394 was published Jan 25, 2022
TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open... Critical Unreviewed
CVE-2022-23126 was published Jan 25, 2022
An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An authentication... Critical Unreviewed
CVE-2022-23855 was published Jan 25, 2022
This vulnerability allows network-adjacent attackers to bypass authentication on affected... High Unreviewed
CVE-2021-34865 was published Jan 26, 2022
Authentication Bypass in ADOdb/ADOdb Critical
CVE-2021-3850 was published for adodb/adodb-php (Composer) Jan 27, 2022
meme-lord dregad
Improper Authentication in phpmyadmin Moderate
CVE-2022-23807 was published for phpmyadmin/phpmyadmin (Composer) Jan 28, 2022
An authentication bypass vulnerability exists in the cgiserver.cgi Login functionality of reolink... Critical Unreviewed
CVE-2021-40404 was published Jan 29, 2022
Hitachi Energy LinkOne product, has a vulnerability due to a web server misconfiguration, that... Moderate Unreviewed
CVE-2021-40338 was published Jan 29, 2022
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05... Critical Unreviewed
CVE-2021-44971 was published Jan 29, 2022
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication... High Unreviewed
CVE-2021-45735 was published Feb 5, 2022
Limited ability to spoof SAML authentication with missing audience verification in Fleet Moderate
CVE-2022-23600 was published for github.com/fleetdm/fleet/v4 (Go) Feb 7, 2022
iangcarroll
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a... Critical Unreviewed
CVE-2022-22831 was published Feb 8, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database