GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,871
Erlang: 37
GitHub Actions: 36
Go: 2,517
Maven: 5,000+
npm: 4,150
NuGet: 736
pip: 3,952
Pub: 12
RubyGems: 946
Rust: 1,026
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,164 advisories
In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows...
Moderate | Unreviewed | CVE-2022-31260 was published Jul 18, 2022

An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read...
High | Unreviewed | CVE-2022-28809 was published Jul 18, 2022

A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S ...
High | Unreviewed | CVE-2022-33138 was published Jul 13, 2022

A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The...
Critical | Unreviewed | CVE-2021-44222 was published Jul 13, 2022

Due to missing authentication check, SAP Business one License service API - version 10.0 allows...
High | Unreviewed | CVE-2022-28771 was published Jul 13, 2022

PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service...
Moderate | Unreviewed | CVE-2022-23719 was published Jul 1, 2022

In ILIAS through 7.10, lack of verification when changing an email address (on the Profile Page)...
Critical | Unreviewed | CVE-2022-31266 was published Jun 30, 2022

There is no account authentication and permission check logic in the firmware and existing apps...
Critical | Unreviewed | CVE-2021-26637 was published Jun 24, 2022

An Uncontrolled Resource Consumption vulnerability in spacewalk-java of SUSE Manager Server 4.1,...
High | Unreviewed | CVE-2022-21952 was published Jun 23, 2022

Splunk Enterprise deployment servers in versions before 9.0 allow unauthenticated downloading of...
High | Unreviewed | CVE-2022-32157 was published Jun 16, 2022

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There...
Critical | Unreviewed | CVE-2022-32251 was published Jun 15, 2022

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6),...
Critical | Unreviewed | CVE-2022-30230 was published Jun 15, 2022

The WPQA Builder WordPress plugin before 5.4 which is a companion to the Discy and Himer, lacks...
Moderate | Unreviewed | CVE-2022-1598 was published Jun 9, 2022

An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which...
High | Unreviewed | CVE-2022-22576 was published May 27, 2022

TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console....
High | Unreviewed | CVE-2022-29402 was published May 26, 2022

A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of...
High | Unreviewed | CVE-2022-26026 was published May 26, 2022

An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles...
High | Unreviewed | CVE-2022-26067 was published May 26, 2022

An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality...
High | Unreviewed | CVE-2022-26043 was published May 26, 2022

A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open...
Critical | Unreviewed | CVE-2022-26082 was published May 26, 2022

An external config control vulnerability exists in the OAS Engine SecureAddUser functionality of...
High | Unreviewed | CVE-2022-26303 was published May 26, 2022

An improper authentication vulnerability exists in the REST API functionality of Open Automation...
Critical | Unreviewed | CVE-2022-26833 was published May 26, 2022

An information disclosure vulnerability exists in the OAS Engine SecureBrowseFile functionality...
High | Unreviewed | CVE-2022-27169 was published May 26, 2022

The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY...
Moderate | Unreviewed | CVE-2022-22309 was published May 25, 2022

Multiple camera devices by UDP Technology, Geutebrück and other vendors allow unauthenticated...
High | Unreviewed | CVE-2021-33543 was published May 24, 2022

The affected product’s configuration is vulnerable due to missing authentication, which may allow...
Critical | Unreviewed | CVE-2021-32930 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.