GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,871
Erlang: 37
GitHub Actions: 36
Go: 2,517
Maven: 5,000+
npm: 4,150
NuGet: 736
pip: 3,952
Pub: 12
RubyGems: 946
Rust: 1,026
Swift: 39
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
3,424 advisories

Boodskap IoT Platform v4.4.9-02 allows attackers to escalate privileges via a crafted request...
High | Unreviewed | CVE-2022-35135 was published Oct 14, 2022

An issue was discovered in Dropbear through 2020.81. Due to a non-RFC-compliant check of the...
High | Unreviewed | CVE-2021-36369 was published Oct 13, 2022

A vulnerability classified as critical was found in Mediabridge Medialink. This vulnerability...
Critical | Unreviewed | CVE-2022-3465 was published Oct 12, 2022

On Metasys ADX Server version 12.0 running MVE, an Active Directory user could execute validated...
Moderate | Unreviewed | CVE-2022-21936 was published Oct 7, 2022

NPS before v0.26.10 was discovered to contain an authentication bypass vulnerability via...
Critical | Unreviewed | CVE-2022-40494 was published Oct 7, 2022

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 is vulnerable to man in the middle...
Moderate | Unreviewed | CVE-2022-36774 was published Oct 6, 2022

A vulnerability in the smart card login authentication of Cisco Duo for macOS could allow an...
Moderate | Unreviewed | CVE-2022-20662 was published Oct 1, 2022

An improper authentication vulnerability exists in the Carlo Gavazzi UWP3.0 in multiple versions...
High | Unreviewed | CVE-2022-22523 was published Sep 29, 2022

The OAuth client Single Sign On WordPress plugin before 3.0.4 does not have authorisation and...
High | Unreviewed | CVE-2022-3119 was published Sep 27, 2022

Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by...
Moderate | Unreviewed | CVE-2021-45035 was published Sep 25, 2022

An improper authentication vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 that...
High | Unreviewed | CVE-2022-35248 was published Sep 25, 2022

An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that...
Moderate | Unreviewed | CVE-2022-30124 was published Sep 25, 2022

In Erlang/OTP before 23.3.4.15, 24.x before 24.3.4.2, and 25.x before 25.0.2, there is a Client...
Critical | Unreviewed | CVE-2022-37026 was published Sep 22, 2022

IBM Maximo Asset Management 7.6.1.1, 7.6.1.2, and 7.6.1.3 could allow a user to bypass...
High | Unreviewed | CVE-2022-40616 was published Sep 22, 2022

Improper authentication in firmware for some Intel(R) SSD DC Products may allow an...
Moderate | Unreviewed | CVE-2021-33076 was published Sep 21, 2022

Due to a reliance on client-side authentication, the WiFi Mouse (Mouse Server) from Necta LLC's...
Critical | Unreviewed | CVE-2022-3218 was published Sep 20, 2022

A vulnerability in Trend Micro Apex One and Trend Micro Apex One as a Service could allow an...
Critical | Unreviewed | CVE-2022-40144 was published Sep 20, 2022

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for...
Critical | Unreviewed | CVE-2022-28321 was published Sep 20, 2022

Cryptographic issues in BSP due to improper hash verification in Snapdragon Wired Infrastructure...
High | Unreviewed | CVE-2022-25652 was published Sep 17, 2022

The component controlla_login function in HotelDruid Hotel Management Software v3.0.3 generates a...
Critical | Unreviewed | CVE-2021-42949 was published Sep 17, 2022

The location module has a vulnerability of bypassing permission verification. Successful...
Critical | Unreviewed | CVE-2022-39007 was published Sep 17, 2022

The WLAN module has a vulnerability in permission verification. Successful exploitation of this...
Critical | Unreviewed | CVE-2022-39009 was published Sep 17, 2022

SAP GRC Access control Emergency Access Management allows an authenticated attacker to access a...
High | Unreviewed | CVE-2022-39801 was published Sep 14, 2022

The WAVLINK Quantum D4G (WN531G3) running firmware version M31G3.V5030.200325 uses IP addresses...
High | Unreviewed | CVE-2022-40622 was published Sep 14, 2022

OpenHarmony-v3.1.2 and prior versions have a permission bypass vulnerability. Local attackers can...
Moderate | Unreviewed | CVE-2022-38064 was published Sep 10, 2022

ProTip! Advisories are also available from the GraphQL API.