Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

83 advisories

Loading
Puppet supports use of IP addresses in certnames without warning of potential risks Low
CVE-2012-3408 was published for puppet (RubyGems) Oct 24, 2017
A user without PR can reset user authentication failures information Low
CVE-2021-32729 was published for org.xwiki.platform:xwiki-platform-security-authentication-script (Maven) Jul 2, 2021
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to... Low Unreviewed
CVE-2022-25817 was published Mar 11, 2022
** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key... Low Unreviewed
CVE-2021-36368 was published Mar 14, 2022
An authentication issue was addressed with improved state management. This issue is fixed in... Low Unreviewed
CVE-2022-22656 was published Mar 19, 2022
A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and... Low Unreviewed
CVE-2018-25030 was published Mar 29, 2022
SaltStack Salt Improper Authentication via Man in the Middle Attack Low
CVE-2022-22935 was published for salt (pip) Mar 30, 2022
Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get... Low Unreviewed
CVE-2022-25833 was published Apr 12, 2022
The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1... Low Unreviewed
CVE-2003-1570 was published Apr 29, 2022
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to... Low Unreviewed
CVE-2002-0507 was published Apr 30, 2022
The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication... Low Unreviewed
CVE-2007-6385 was published May 1, 2022
The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC... Low Unreviewed
CVE-2009-4409 was published May 2, 2022
System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured... Low Unreviewed
CVE-2010-0014 was published May 2, 2022
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly... Low Unreviewed
CVE-2009-0591 was published May 3, 2022
The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before... Low Unreviewed
CVE-2009-1905 was published May 3, 2022
Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to... Low Unreviewed
CVE-2022-28790 was published May 4, 2022
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not... Low Unreviewed
CVE-2013-0540 was published May 5, 2022
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices... Low Unreviewed
CVE-2018-8862 was published May 13, 2022
** DISPUTED ** An issue was discovered in the com.dropbox.android application 98.2.2 for Android.... Low Unreviewed
CVE-2018-12446 was published May 14, 2022
** DISPUTED ** An issue was discovered in the com.dropbox.android application 98.2.2 for Android.... Low Unreviewed
CVE-2018-12445 was published May 14, 2022
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0... Low Unreviewed
CVE-2014-6148 was published May 17, 2022
The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before... Low Unreviewed
CVE-2013-5429 was published May 17, 2022
The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly... Low Unreviewed
CVE-2013-3659 was published May 17, 2022
The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before... Low Unreviewed
CVE-2013-0578 was published May 17, 2022
The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly... Low Unreviewed
CVE-2012-3741 was published May 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database