GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
860 advisories
Filter by severity
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early...
Critical
Unreviewed
CVE-2021-45079
was published
Feb 8, 2022
Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows...
Critical
Unreviewed
CVE-2021-29396
was published
Feb 9, 2022
Authentication bypass in Apache Shiro
Critical
CVE-2020-17523
was published
for
org.apache.shiro:shiro-spring
(Maven)
Feb 9, 2022
Reuse of one time passwords allowed in Gitea
Critical
CVE-2021-45331
was published
for
code.gitea.io/gitea
(Go)
Feb 10, 2022
The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user...
Critical
Unreviewed
CVE-2021-28503
was published
Feb 10, 2022
An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows...
Critical
Unreviewed
CVE-2022-24259
was published
Feb 10, 2022
Improper Authentication in Apache Spark
Critical
CVE-2020-9480
was published
for
org.apache.spark:spark-parent_2.11
(Maven)
Feb 10, 2022
Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious...
Critical
Unreviewed
CVE-2021-31932
was published
Feb 12, 2022
An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo...
Critical
Unreviewed
CVE-2021-38679
was published
Feb 12, 2022
The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the ...
Critical
Unreviewed
CVE-2021-44736
was published
Feb 12, 2022
Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms...
Critical
Unreviewed
CVE-2021-4201
was published
Feb 15, 2022
** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by arbitrary file...
Critical
Unreviewed
CVE-2021-45420
was published
Feb 15, 2022
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication...
Critical
Unreviewed
CVE-2022-24976
was published
Feb 15, 2022
Grafana Authentication Bypass
Critical
CVE-2018-15727
was published
for
github.com/grafana/grafana
(Go)
Feb 15, 2022
Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus,...
Critical
Unreviewed
CVE-2021-29655
was published
Feb 19, 2022
This vulnerability allows remote attackers to bypass authentication on affected installations of...
Critical
Unreviewed
CVE-2022-24047
was published
Feb 19, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
Critical
Unreviewed
CVE-2022-21196
was published
Feb 19, 2022
Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74,...
Critical
Unreviewed
CVE-2022-21142
was published
Feb 25, 2022
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible.
Critical
Unreviewed
CVE-2022-25262
was published
Feb 26, 2022
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible.
Critical
Unreviewed
CVE-2022-24331
was published
Feb 26, 2022
On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote...
Critical
Unreviewed
CVE-2022-25359
was published
Feb 27, 2022
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to...
Critical
Unreviewed
CVE-2021-36166
was published
Mar 2, 2022
Remote code execution in net.mingsoft:ms-mcms
Critical
CVE-2021-46384
was published
for
net.mingsoft:ms-mcms
(Maven)
Mar 5, 2022
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types.
Critical
Unreviewed
CVE-2022-0730
was published
Mar 5, 2022
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to...
Critical
Unreviewed
CVE-2022-0715
was published
Mar 10, 2022
ProTip!
Advisories are also available from the
GraphQL API