Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

80 advisories

Loading
Puppet supports use of IP addresses in certnames without warning of potential risks Low
CVE-2012-3408 was published for puppet (RubyGems) Oct 24, 2017
A user without PR can reset user authentication failures information Low
CVE-2021-32729 was published for org.xwiki.platform:xwiki-platform-security-authentication-script (Maven) Jul 2, 2021
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to... Low Unreviewed
CVE-2022-25817 was published Mar 11, 2022
** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key... Low Unreviewed
CVE-2021-36368 was published Mar 14, 2022
An authentication issue was addressed with improved state management. This issue is fixed in... Low Unreviewed
CVE-2022-22656 was published Mar 19, 2022
A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and... Low Unreviewed
CVE-2018-25030 was published Mar 29, 2022
SaltStack Salt Improper Authentication via Man in the Middle Attack Low
CVE-2022-22935 was published for salt (pip) Mar 30, 2022
Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get... Low Unreviewed
CVE-2022-25833 was published Apr 12, 2022
The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1... Low Unreviewed
CVE-2003-1570 was published Apr 29, 2022
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to... Low Unreviewed
CVE-2002-0507 was published Apr 30, 2022
The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication... Low Unreviewed
CVE-2007-6385 was published May 1, 2022
The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC... Low Unreviewed
CVE-2009-4409 was published May 2, 2022
System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured... Low Unreviewed
CVE-2010-0014 was published May 2, 2022
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly... Low Unreviewed
CVE-2009-0591 was published May 3, 2022
The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before... Low Unreviewed
CVE-2009-1905 was published May 3, 2022
Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to... Low Unreviewed
CVE-2022-28790 was published May 4, 2022
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not... Low Unreviewed
CVE-2013-0540 was published May 5, 2022
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices... Low Unreviewed
CVE-2018-8862 was published May 13, 2022
** DISPUTED ** An issue was discovered in the com.dropbox.android application 98.2.2 for Android.... Low Unreviewed
CVE-2018-12446 was published May 14, 2022
** DISPUTED ** An issue was discovered in the com.dropbox.android application 98.2.2 for Android.... Low Unreviewed
CVE-2018-12445 was published May 14, 2022
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0... Low Unreviewed
CVE-2014-6148 was published May 17, 2022
The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before... Low Unreviewed
CVE-2013-5429 was published May 17, 2022
The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly... Low Unreviewed
CVE-2013-3659 was published May 17, 2022
The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before... Low Unreviewed
CVE-2013-0578 was published May 17, 2022
The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly... Low Unreviewed
CVE-2012-3741 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API