Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,184 advisories

Loading
Improper Access Control in Onionshare Moderate
CVE-2022-21695 was published for onionshare-cli (pip) Jan 21, 2022
Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to... Moderate Unreviewed
CVE-2022-22284 was published Jan 11, 2022
Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to... Moderate Unreviewed
CVE-2022-22289 was published Jan 11, 2022
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers... Moderate Unreviewed
CVE-2021-43946 was published Jan 6, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from... Moderate Unreviewed
CVE-2021-20150 was published Dec 31, 2021
Sysaid API User Enumeration - Attacker sending requests to specific api path without any... Moderate Unreviewed
CVE-2021-36721 was published Dec 15, 2021
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for... Moderate Unreviewed
CVE-2021-44848 was published Dec 14, 2021
Lack of an access control check in the External Status Check feature allowed any authenticated... Moderate Unreviewed
CVE-2021-39916 was published Dec 14, 2021
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira... Moderate Unreviewed
CVE-2021-41309 was published Dec 9, 2021
IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the... Moderate Unreviewed
CVE-2021-29779 was published Dec 2, 2021
A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could... Moderate Unreviewed
CVE-2021-40130 was published Nov 20, 2021
Improper Access Control in passport-oauth2 Moderate
CVE-2021-41580 was published for passport-oauth2 (npm) Sep 29, 2021
parse-server new anonymous user session acts as if it's created with password Moderate
CVE-2021-39138 was published for parse-server (npm) Aug 23, 2021
cbaker6
Authentication Bypass by Alternate Name in Apache Tomcat Moderate
CVE-2021-30640 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021
Utils.readChallengeTx does not verify the server account signature Moderate
CVE-2021-32738 was published for stellar-sdk (npm) Jul 2, 2021
leighmcculloch
Authentication granted to all firewalls instead of just one Moderate
CVE-2021-32693 was published for symfony/security-http (Composer) Jun 21, 2021
gndk mynameisbogdan
pwarchol Warxcell wouterj adrienlamotte
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Authentication bypass in SilverStripe GraphQL Moderate
CVE-2020-26136 was published for silverstripe/graphql (Composer) Jun 10, 2021
G-Rath
Kiali Authentication Bypass vulnerability Moderate
CVE-2021-20278 was published for github.com/kiali/kiali (Go) Jun 1, 2021
Broken Authentication in Atlassian Connect Spring Boot Moderate
CVE-2021-26074 was published for com.atlassian.connect:atlassian-connect-spring-boot-starter (Maven) May 10, 2021
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 Moderate
GHSA-6hgr-2g6q-3rmc was published for com.vaadin:flow-client (Maven) Apr 22, 2021
tdunlap607
Server session is not invalidated when logout() helper method of Authentication module is used in Vaadin 18-19 Moderate
CVE-2021-31408 was published for com.vaadin:vaadin-bom (Maven) Apr 22, 2021
botframework-connector vulnerable to Improper Authentication Moderate
CVE-2021-1725 was published for botframework-connector (npm) Mar 8, 2021
Lack of URL normalization may lead to authorization bypass when URL access rules are used Moderate
CVE-2020-24660 was published for lemonldap-ng-handler (npm) Sep 9, 2020
Authentication Bypass in saml2-js Moderate
GHSA-mfcp-34xw-p57x was published for saml2-js (npm) Sep 3, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database