Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,247 advisories

Loading
In D-link DIR-816 A2_v1.10CNB04.img,the network can be reset without authentication via /goform... High Unreviewed
CVE-2022-36619 was published Sep 1, 2022
Insecure permissions in cskefu v7.0.1 allows unauthenticated attackers to arbitrarily add... High Unreviewed
CVE-2022-36521 was published Aug 27, 2022
Missing authentication for critical function vulnerability in UNIMO Technology digital video... Critical Unreviewed
CVE-2022-35733 was published Aug 24, 2022
The Duplicator WordPress plugin before 1.4.7.1 does not authenticate or authorize visitors before... Moderate Unreviewed
CVE-2022-2552 was published Aug 23, 2022
Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at... Critical Unreviewed
CVE-2022-34858 was published Aug 23, 2022
All FLIR AX8 thermal sensor cameras version up to and including 1.46.16 are affected by an... High Unreviewed
CVE-2022-37062 was published Aug 19, 2022
A vulnerability was found in SourceCodester Company Website CMS 1.0. It has been declared as... Critical Unreviewed
CVE-2022-2765 was published Aug 12, 2022
The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as... Critical Unreviewed
CVE-2022-2242 was published Aug 11, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed
CVE-2022-35865 was published Aug 4, 2022
Honeywell Experion PKS Safety Manager through 2022-05-06 has Missing Authentication for a... High Unreviewed
CVE-2022-30313 was published Jul 29, 2022
Lack of authentication mechanism in Jenkins Git Plugin webhook Moderate
CVE-2022-36884 was published for org.jenkins-ci.plugins:git (Maven) Jul 28, 2022
NotMyFault
Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It... Critical Unreviewed
CVE-2022-29952 was published Jul 27, 2022
The Emerson DeltaV Distributed Control System (DCS) through 2022-04-29 mishandles authentication.... High Unreviewed
CVE-2022-29957 was published Jul 27, 2022
JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP... Critical Unreviewed
CVE-2022-29951 was published Jul 27, 2022
The Motorola MOSCAD and ACE line of RTUs through 2022-05-02 omit an authentication requirement.... High Unreviewed
CVE-2022-30276 was published Jul 27, 2022
This vulnerability allows remote attackers to execute arbitrary code on affected installations of... High Unreviewed
CVE-2022-35871 was published Jul 26, 2022
Under certain circumstances an unauthenticated user could access the the web API for Metasys ADS... Moderate Unreviewed
CVE-2021-36200 was published Jul 23, 2022
The affected product is vulnerable due to missing authentication, which may allow an attacker to... High Unreviewed
CVE-2022-2138 was published Jul 23, 2022
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker... Critical Unreviewed
CVE-2022-20858 was published Jul 22, 2022
Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker... Critical Unreviewed
CVE-2022-20857 was published Jul 22, 2022
SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication. Critical Unreviewed
CVE-2022-2141 was published Jul 21, 2022
In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows... Moderate Unreviewed
CVE-2022-31260 was published Jul 18, 2022
An issue was discovered in Open Design Alliance Drawings SDK before 2023.3. An Out-of-Bounds Read... High Unreviewed
CVE-2022-28809 was published Jul 18, 2022
Apache Hive before 3.1.3 `CREATE` and `DROP` function operations do not check for necessary authorization. High
CVE-2021-34538 was published for org.apache.hive:hive (Maven) Jul 17, 2022
A vulnerability has been identified in SIMATIC MV540 H (All versions < V3.3), SIMATIC MV540 S ... High Unreviewed
CVE-2022-33138 was published Jul 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database