Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

860 advisories

Loading
YzmCMS v6.3 is affected by broken access control. Without login, unauthorized access to the user... Critical Unreviewed
CVE-2022-23383 was published Mar 11, 2022
In maccms v10, an attacker can log in through /index.php/user/login in the "col" and "openid"... Critical Unreviewed
CVE-2021-45786 was published Mar 17, 2022
OpenVPN 2.1 until v2.4.12 and v2.5.6 may enable authentication bypass in external authentication... Critical Unreviewed
CVE-2022-0547 was published Mar 19, 2022
An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker... Critical Unreviewed
CVE-2022-1040 was published Mar 26, 2022
An authentication bypass vulnerability in the CGI program of Zyxel USG/ZyWALL series firmware... Critical Unreviewed
CVE-2022-0342 was published Mar 29, 2022
A vulnerability classified as critical was found in SourceCodester One Church Management System 1... Critical Unreviewed
CVE-2022-1084 was published Mar 30, 2022
A vulnerability in the authentication logic of Wyze Cam Pan v2, Cam v2, Cam v3 allows an attacker... Critical Unreviewed
CVE-2019-9564 was published Mar 31, 2022
An issue was discovered in Joomla! 2.5.0 through 3.10.6 & 4.0.0 through 4.1.0. A user row was not... Critical Unreviewed
CVE-2022-23795 was published Mar 31, 2022
An issue in provider/libserver/ECKrbAuth.cpp of Kopano-Core v11.0.2.51 contains an issue which... Critical Unreviewed
CVE-2022-26562 was published Apr 2, 2022
Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 does not protect... Critical Unreviewed
CVE-2021-32980 was published Apr 5, 2022
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is... Critical Unreviewed
CVE-2021-32986 was published Apr 5, 2022
All programming connections receive the same unlocked privileges, which can result in a privilege... Critical Unreviewed
CVE-2021-32984 was published Apr 5, 2022
The multi-window module has a vulnerability of unauthorized insertion and tampering of Settings... Critical Unreviewed
CVE-2021-46742 was published Apr 12, 2022
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE... Critical Unreviewed
CVE-2022-22955 was published Apr 14, 2022
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE... Critical Unreviewed
CVE-2022-22956 was published Apr 14, 2022
A vulnerability in the authentication functionality of Cisco Wireless LAN Controller (WLC)... Critical Unreviewed
CVE-2022-20695 was published Apr 16, 2022
Improper authentication vulnerability in the communication protocol provided by AD (Automation... Critical Unreviewed
CVE-2022-26034 was published Apr 16, 2022
ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via ... Critical Unreviewed
CVE-2022-25226 was published Apr 19, 2022
A flaw was found in 389-ds-base. If an asterisk is imported as password hashes, either... Critical Unreviewed
CVE-2021-3652 was published Apr 19, 2022
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows... Critical Unreviewed
CVE-2022-0992 was published Apr 20, 2022
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows... Critical Unreviewed
CVE-2022-0993 was published Apr 20, 2022
Typo3 Authentication Bypass Critical
CVE-2011-4628 was published for typo3/cms (Composer) Apr 22, 2022
An authentication bypass vulnerability was discovered in an internal service of the Lenovo Fan... Critical Unreviewed
CVE-2021-3897 was published Apr 23, 2022
An authentication bypass vulnerability was discovered in the web interface of the Lenovo Fan... Critical Unreviewed
CVE-2021-3849 was published Apr 23, 2022
The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers... Critical Unreviewed
CVE-2012-2714 was published Apr 23, 2022
ProTip! Advisories are also available from the GraphQL API