GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
3,516 advisories
Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an...
High | Unreviewed | CVE-2021-41311 was published Dec 9, 2021

Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira...
Moderate | Unreviewed | CVE-2021-41309 was published Dec 9, 2021

There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone...
High | Unreviewed | CVE-2021-37054 was published Dec 9, 2021

There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone. Successful exploitation...
High | Unreviewed | CVE-2021-37043 was published Dec 8, 2021

There is an Improper Authentication vulnerability in Huawei Smartphone. Successful exploitation of...
High | Unreviewed | CVE-2021-37100 was published Dec 8, 2021

The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that...
High | Unreviewed | CVE-2021-43175 was published Dec 8, 2021

Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable...
Critical | Unreviewed | CVE-2021-41716 was published Dec 8, 2021

It was possible to bypass 2FA for LDAP users and access some specific pages with Basic...
Critical | Unreviewed | CVE-2021-39890 was published Dec 7, 2021

The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be...
Critical | Unreviewed | CVE-2021-43931 was published Dec 7, 2021

Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and...
High | Unreviewed | CVE-2021-20861 was published Dec 2, 2021

IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the...
Moderate | Unreviewed | CVE-2021-29779 was published Dec 2, 2021

API token verification can be bypassed in NodeBB
Critical | CVE-2021-43786 was published for nodebb (npm) Nov 30, 2021

Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and...
Critical | Unreviewed | CVE-2021-44077 was published Nov 30, 2021

A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could...
Moderate | Unreviewed | CVE-2021-40130 was published Nov 20, 2021

Improper Authentication in Apache ShenYu Admin
Critical | CVE-2021-37580 was published for org.apache.shenyu:shenyu-admin (Maven) Nov 17, 2021

Showdoc File Upload Vulnerability
Critical | CVE-2021-41745 was published for showdoc/showdoc (Composer) Oct 25, 2021

Deleted Admin Can Sign In to Admin Interface
High | CVE-2021-41126 was published for october/october (Composer) Oct 6, 2021

Authentication bypass for viewing and deletions of snapshots
High | CVE-2021-39226 was published for github.com/grafana/grafana (Go) Oct 5, 2021

Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification
High | CVE-2021-41129 was published for pterodactyl/panel (Composer) Oct 4, 2021

Improper Access Control in passport-oauth2
Moderate | CVE-2021-41580 was published for passport-oauth2 (npm) Sep 29, 2021

Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass
Critical | CVE-2021-41303 was published for org.apache.shiro:shiro-core (Maven) Sep 20, 2021

User impersonation due to incorrect handling of the login JWT
High | CVE-2021-39177 was published for org.geysermc:connector (Maven) Sep 7, 2021

Authentication bypass in Apache Zeppelin
High | CVE-2020-13929 was published for org.apache.zeppelin:zeppelin (Maven) Sep 7, 2021

Improper Authentication
High | CVE-2019-20894 was published for github.com/traefik/traefik/v2 (Go) Sep 2, 2021

Dolibarr vulnerable to Improper Authentication and Improper Access Control
High | CVE-2021-25956 was published for dolibarr/dolibarr (Composer) Sep 2, 2021

ProTip! Advisories are also available from the GraphQL API.