GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,164 advisories
In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing...
Severity: Critical (Unreviewed). CVE-2022-22526 was published Sep 29, 2022.
The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This...
Severity: Moderate (Unreviewed). CVE-2022-26394 was published Sep 10, 2022.
The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable...
Severity: Critical (Unreviewed). CVE-2022-1368 was published Sep 7, 2022.
An access control issue in Canaan Avalon ASIC Miner 2020.3.30 and below allows unauthenticated...
Severity: High (Unreviewed). CVE-2022-36604 was published Sep 2, 2022.
Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function....
Severity: Critical (Unreviewed). CVE-2022-30317 was published Sep 1, 2022.
In D-link DIR-816 A2_v1.10CNB04.img, the network can be reset without authentication via /goform...
Severity: High (Unreviewed). CVE-2022-36619 was published Sep 1, 2022.
Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add...
Severity: High (Unreviewed). CVE-2022-36521 was published Aug 27, 2022.
Missing authentication for critical function vulnerability in UNIMO Technology digital video...
Severity: Critical (Unreviewed). CVE-2022-35733 was published Aug 24, 2022.
The Duplicator WordPress plugin before 1.4.7.1 does not authenticate or authorize visitors before...
Severity: Moderate (Unreviewed). CVE-2022-2552 was published Aug 23, 2022.
Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at...
Severity: Critical (Unreviewed). CVE-2022-34858 was published Aug 23, 2022.
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an...
Severity: High (Unreviewed). CVE-2022-37062 was published Aug 19, 2022.
A vulnerability was found in SourceCodester Company Website CMS 1.0. It has been declared as...
Severity: Critical (Unreviewed). CVE-2022-2765 was published Aug 12, 2022.
The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as...
Severity: Critical (Unreviewed). CVE-2022-2242 was published Aug 11, 2022.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Severity: Critical (Unreviewed). CVE-2022-35865 was published Aug 4, 2022.
Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a...
Severity: High (Unreviewed). CVE-2022-30313 was published Jul 29, 2022.
Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It...
Severity: Critical (Unreviewed). CVE-2022-29952 was published Jul 27, 2022.
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication....
Severity: High (Unreviewed). CVE-2022-29957 was published Jul 27, 2022.
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP...
Severity: Critical (Unreviewed). CVE-2022-29951 was published Jul 27, 2022.
The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement....
Severity: High (Unreviewed). CVE-2022-30276 was published Jul 27, 2022.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Severity: High (Unreviewed). CVE-2022-35871 was published Jul 26, 2022.
Under certain circumstances an unauthenticated user could access the web API for Metasys ADS...
Severity: Moderate (Unreviewed). CVE-2021-36200 was published Jul 23, 2022.
The affected product is vulnerable due to missing authentication, which may allow an attacker to...
Severity: High (Unreviewed). CVE-2022-2138 was published Jul 23, 2022.
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker...
Severity: Critical (Unreviewed). CVE-2022-20858 was published Jul 22, 2022.
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker...
Severity: Critical (Unreviewed). CVE-2022-20857 was published Jul 22, 2022.
SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication.
Severity: Critical (Unreviewed). CVE-2022-2141 was published Jul 21, 2022.