GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,871
Erlang: 37
GitHub Actions: 36
Go: 2,517
Maven: 5,000+
npm: 4,152
NuGet: 736
pip: 3,953
Pub: 12
RubyGems: 946
Rust: 1,026
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
3,425 advisories
SolarWinds Platform was susceptible to Improper Input Validation. This vulnerability allows a...
High | Unreviewed | CVE-2022-36960 was published Nov 29, 2022

An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4...
High | Unreviewed | CVE-2022-44037 was published Nov 29, 2022

This update resolves a multi-factor authentication bypass attack
Moderate | Unreviewed | CVE-2022-38753 was published Nov 29, 2022

Velneo vClient on its 28.1.3 version, could allow an attacker with knowledge of the victim's...
High | Unreviewed | CVE-2021-45036 was published Nov 28, 2022

The WebConfig functionality of Epson TM-C3500 and TM-C7500 devices with firmware version WAM31500...
Critical | Unreviewed | CVE-2022-36133 was published Nov 25, 2022

There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing...
Moderate | Unreviewed | CVE-2022-37774 was published Nov 23, 2022

D-Link DIR-878 1.02B05 is vulnerable to Incorrect Access Control.
Critical | Unreviewed | CVE-2022-44801 was published Nov 22, 2022

A vulnerability in NetBatch-Plus software allows unauthorized access to the application. HPE has...
High | Unreviewed | CVE-2022-37931 was published Nov 22, 2022

The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden...
Critical | Unreviewed | CVE-2021-24649 was published Nov 21, 2022

Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application...
Critical | Unreviewed | CVE-2022-43782 was published Nov 17, 2022

A vulnerability in the Simple Network Management Protocol (SNMP) access controls for Cisco...
High | Unreviewed | CVE-2022-20918 was published Nov 16, 2022

Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired...
High | Unreviewed | CVE-2022-25667 was published Nov 15, 2022

The tagDiv Composer WordPress plugin before 3.5, required by the Newspaper WordPress theme before...
Critical | Unreviewed | CVE-2022-3477 was published Nov 14, 2022

Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.
Critical | Unreviewed | CVE-2022-3993 was published Nov 14, 2022

Improper authentication in some Intel(R) XMM(TM) 7560 Modem software before version M2_7560_R_01...
High | Unreviewed | CVE-2022-27874 was published Nov 11, 2022

Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93,...
Critical | Unreviewed | CVE-2022-26845 was published Nov 11, 2022

Improper authentication in subsystem for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93...
Moderate | Unreviewed | CVE-2021-33159 was published Nov 11, 2022

Improper authentication in BIOS firmware for some Intel(R) NUC Boards, Intel(R) NUC Business,...
Moderate | Unreviewed | CVE-2022-21794 was published Nov 11, 2022

Improper authentication in the Intel(R) SDP Tool before version 3.0.0 may allow an...
High | Unreviewed | CVE-2022-26508 was published Nov 11, 2022

Improper authentication in BIOS firmware for some Intel(R) NUC Boards and Intel(R) NUC Kits...
High | Unreviewed | CVE-2022-36370 was published Nov 11, 2022

Improper authentication in BIOS firmware[A1] for some Intel(R) NUC Kits before version RY0386 may...
High | Unreviewed | CVE-2022-37345 was published Nov 11, 2022

Improper authentication in firmware for Intel(R) AMT before versions 11.8.93, 11.22.93, 11.12.93,...
High | Unreviewed | CVE-2022-29893 was published Nov 11, 2022

After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter...
Critical | Unreviewed | CVE-2022-34331 was published Nov 11, 2022

Agentflow BPM enterprise management system has improper authentication. A remote attacker with...
High | Unreviewed | CVE-2022-39038 was published Nov 10, 2022

UPSMON Pro login function has insufficient authentication. An unauthenticated remote attacker can...
Critical | Unreviewed | CVE-2022-38119 was published Nov 10, 2022
ProTip! Advisories are also available from the GraphQL API.