GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,931
Composer 4,871
Erlang 37
GitHub Actions 36
Go 2,517
Maven 5,956
npm 4,150
NuGet 736
pip 3,952
Pub 12
RubyGems 946
Rust 1,026
Swift 39

Unreviewed advisories

All unreviewed 269,986

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

3,424 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Improper Access Control in GitHub repository zulip/zulip prior to 4.10. High Unreviewed

CVE-2021-3967 was published Feb 28, 2022

On ICL ScadaFlex II SCADA Controller SC-1 and SC-2 1.03.07 devices, unauthenticated remote... Critical Unreviewed

CVE-2022-25359 was published Feb 27, 2022

In JetBrains TeamCity before 2021.1.4, GitLab authentication impersonation was possible. Critical Unreviewed

CVE-2022-24331 was published Feb 26, 2022

In JetBrains Hub before 2022.1.14434, SAML request takeover was possible. Critical Unreviewed

CVE-2022-25262 was published Feb 26, 2022

Authentication bypass vulnerability in a-blog cms Ver.2.8.x series versions prior to Ver.2.8.74,... Critical Unreviewed

CVE-2022-21142 was published Feb 25, 2022

In wolfSSL before 5.2.0, a TLS 1.3 server cannot properly enforce a requirement for mutual... High Unreviewed

CVE-2022-25640 was published Feb 25, 2022

The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST... Moderate Unreviewed

CVE-2020-14504 was published Feb 25, 2022

A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this... Moderate Unreviewed

CVE-2016-2124 was published Feb 19, 2022

A flaw was found in the way Samba, as an Active Directory Domain Controller, implemented Kerberos... High Unreviewed

CVE-2020-25719 was published Feb 19, 2022

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... Critical Unreviewed

CVE-2022-21196 was published Feb 19, 2022

This vulnerability allows remote attackers to bypass authentication on affected installations of... Critical Unreviewed

CVE-2022-24047 was published Feb 19, 2022

Pexip Infinity Connect before 1.8.0 omits certain provisioning authenticity checks. Thus,... Critical Unreviewed

CVE-2021-29655 was published Feb 19, 2022

An authorization bypass exploited by a user-controlled key in SpecificApps REST API in... Moderate Unreviewed

CVE-2021-46249 was published Feb 17, 2022

Forms generated by JQueryForm.com before 2022-02-05 allows a remote authenticated attacker to... High Unreviewed

CVE-2022-24985 was published Feb 17, 2022

Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated... Moderate Unreviewed

CVE-2021-43950 was published Feb 16, 2022

Improper Authentication in Apache Guacamole High Unreviewed

CVE-2021-43999 was published Feb 15, 2022

Atheme IRC Services before 7.2.12, when used in conjunction with InspIRCd, allows authentication... Critical Unreviewed

CVE-2022-24976 was published Feb 15, 2022

** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by arbitrary file... Critical Unreviewed

CVE-2021-45420 was published Feb 15, 2022

An Incorrect Access Control vulnerability exists in zzcms 8.2, which lets a malicious user bypass... High Unreviewed

CVE-2021-45347 was published Feb 15, 2022

Missing access control in ForgeRock Access Management 7.1.0 and earlier versions on all platforms... Critical Unreviewed

CVE-2021-4201 was published Feb 15, 2022

The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the ... Critical Unreviewed

CVE-2021-44736 was published Feb 12, 2022

StarWind SAN and NAS before 0.2 build 1685 allows users to reset other users' passwords. High Unreviewed

CVE-2022-24551 was published Feb 12, 2022

Improper validation of program headers containing ELF metadata can lead to image verification... High Unreviewed

CVE-2021-30317 was published Feb 12, 2022

An improper authentication vulnerability has been reported to affect QNAP NAS running Kazoo... Critical Unreviewed

CVE-2021-38679 was published Feb 12, 2022

A CWE-287: Improper Authentication vulnerability exists that could allow remote code execution... High Unreviewed

CVE-2021-22796 was published Feb 12, 2022

Previous 1…133…137 Next

Previous 1 2 … 131 132 133 134 135 136 137 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

3,424 advisories