Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

860 advisories

Loading
In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early... Critical Unreviewed
CVE-2021-45079 was published Feb 8, 2022
Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows... Critical Unreviewed
CVE-2021-29396 was published Feb 9, 2022
Authentication bypass in Apache Shiro Critical
CVE-2020-17523 was published for org.apache.shiro:shiro-spring (Maven) Feb 9, 2022
Reuse of one time passwords allowed in Gitea Critical
CVE-2021-45331 was published for code.gitea.io/gitea (Go) Feb 10, 2022
The impact of this vulnerability is that Arista's EOS eAPI may skip re-evaluating user... Critical Unreviewed
CVE-2021-28503 was published Feb 10, 2022
An incorrect check in the component cdr.php of Voipmonitor GUI before v24.96 allows... Critical Unreviewed
CVE-2022-24259 was published Feb 10, 2022
Improper Authentication in Apache Spark Critical
CVE-2020-9480 was published for org.apache.spark:spark-parent_2.11 (Maven) Feb 10, 2022
Nokia BTS TRS web console FTM_W20_FP2_2019.08.16_0010 allows Authentication Bypass. A malicious... Critical Unreviewed
CVE-2021-31932 was published Feb 12, 2022
An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo... Critical Unreviewed
CVE-2021-38679 was published Feb 12, 2022
The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the ... Critical Unreviewed
CVE-2021-44736 was published Feb 12, 2022
Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms... Critical Unreviewed
CVE-2021-4201 was published Feb 15, 2022
** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by arbitrary file... Critical Unreviewed
CVE-2021-45420 was published Feb 15, 2022
Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication... Critical Unreviewed
CVE-2022-24976 was published Feb 15, 2022
Grafana Authentication Bypass Critical
CVE-2018-15727 was published for github.com/grafana/grafana (Go) Feb 15, 2022
Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus,... Critical Unreviewed
CVE-2021-29655 was published Feb 19, 2022
This vulnerability allows remote attackers to bypass authentication on affected installations of... Critical Unreviewed
CVE-2022-24047 was published Feb 19, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... Critical Unreviewed
CVE-2022-21196 was published Feb 19, 2022
Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74,... Critical Unreviewed
CVE-2022-21142 was published Feb 25, 2022
In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. Critical Unreviewed
CVE-2022-25262 was published Feb 26, 2022
In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. Critical Unreviewed
CVE-2022-24331 was published Feb 26, 2022
On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote... Critical Unreviewed
CVE-2022-25359 was published Feb 27, 2022
An improper authentication vulnerability in FortiMail before 7.0.1 may allow a remote attacker to... Critical Unreviewed
CVE-2021-36166 was published Mar 2, 2022
Remote code execution in net.mingsoft:ms-mcms Critical
CVE-2021-46384 was published for net.mingsoft:ms-mcms (Maven) Mar 5, 2022
Under certain ldap conditions, Cacti authentication can be bypassed with certain credential types. Critical Unreviewed
CVE-2022-0730 was published Mar 5, 2022
A CWE-287: Improper Authentication vulnerability exists that could cause an attacker to... Critical Unreviewed
CVE-2022-0715 was published Mar 10, 2022
ProTip! Advisories are also available from the GraphQL API