Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

3,117 advisories

Loading
MinIO Admin API security issue High Unreviewed
CVE-2020-11012 was published May 24, 2021
vadmeste aead
A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could... Moderate Unreviewed
CVE-2021-40130 was published Nov 20, 2021
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and... Critical Unreviewed
CVE-2021-44077 was published Nov 30, 2021
IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the... Moderate Unreviewed
CVE-2021-29779 was published Dec 2, 2021
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and... High Unreviewed
CVE-2021-20861 was published Dec 2, 2021
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic... Critical Unreviewed
CVE-2021-39890 was published Dec 7, 2021
The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be... Critical Unreviewed
CVE-2021-43931 was published Dec 7, 2021
Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable... Critical Unreviewed
CVE-2021-41716 was published Dec 8, 2021
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that... High Unreviewed
CVE-2021-43175 was published Dec 8, 2021
There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of... High Unreviewed
CVE-2021-37100 was published Dec 8, 2021
There is a Stack-based Buffer Overflow vulnerability in Huawei Smartphone.Successful exploitation... High Unreviewed
CVE-2021-37043 was published Dec 8, 2021
There is an Identity spoofing and authentication bypass vulnerability in Huawei Smartphone... High Unreviewed
CVE-2021-37054 was published Dec 9, 2021
Affected versions of Atlassian Jira Server and Data Center allow attackers with access to an... High Unreviewed
CVE-2021-41311 was published Dec 9, 2021
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira... Moderate Unreviewed
CVE-2021-41309 was published Dec 9, 2021
ManageEngine's OpUtils 12.5.556 and prior allow access to a few audit directories without... Critical Unreviewed
CVE-2021-44514 was published Dec 10, 2021
An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of... High Unreviewed
CVE-2021-21955 was published Dec 10, 2021
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers... High Unreviewed
CVE-2021-20145 was published Dec 10, 2021
A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the... High Unreviewed
CVE-2021-43068 was published Dec 10, 2021
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code... Critical Unreviewed
CVE-2021-44515 was published Dec 13, 2021
Lack of an access control check in the External Status Check feature allowed any authenticated... Moderate Unreviewed
CVE-2021-39916 was published Dec 14, 2021
An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not... Critical Unreviewed
CVE-2021-44152 was published Dec 14, 2021
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the ... High Unreviewed
CVE-2021-40856 was published Dec 14, 2021
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for... Moderate Unreviewed
CVE-2021-44848 was published Dec 14, 2021
The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as... Critical Unreviewed
CVE-2021-4073 was published Dec 15, 2021
glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php. Critical Unreviewed
CVE-2021-44949 was published Dec 15, 2021
ProTip! Advisories are also available from the GraphQL API