GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,871
Erlang: 37
GitHub Actions: 36
Go: 2,517
Maven: 5,000+
npm: 4,150
NuGet: 736
pip: 3,952
Pub: 12
RubyGems: 946
Rust: 1,026
Swift: 39

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
3,424 advisories
An authentication downgrade in the server in Citilog 8.0 allows an attacker (in a man in the...
Moderate | Unreviewed | CVE-2022-28860 was published Jul 22, 2022

Broken Access Control vulnerability in YIKES Inc. Custom Product Tabs for WooCommerce plugin <= 1...
Moderate | Unreviewed | CVE-2022-28666 was published Jul 22, 2022

SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication.
Critical | Unreviewed | CVE-2022-2141 was published Jul 21, 2022

A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to...
Critical | Unreviewed | CVE-2022-26136 was published Jul 21, 2022

Digital Watchdog DW MEGApix IP cameras A7.2.2_20211029 allows unauthenticated attackers to view...
High | Unreviewed | CVE-2022-34535 was published Jul 20, 2022

An issue was discovered in LemonLDAP::NG (aka lemonldap-ng) 2.0.13. When using the RESTServer...
Critical | Unreviewed | CVE-2021-40874 was published Jul 19, 2022

The server checks the user's cookie in a non-standard way, and a value is entered in the cookie...
Critical | Unreviewed | CVE-2022-30623 was published Jul 19, 2022

Browsing the admin.html page allows the user to reset the admin password. Also appears in the JS...
High | Unreviewed | CVE-2022-30624 was published Jul 19, 2022

The OAuth Single Sign On WordPress plugin before 6.22.6 doesn't validate that OAuth access token...
Moderate | Unreviewed | CVE-2022-2133 was published Jul 18, 2022

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two...
High | Unreviewed | CVE-2022-30550 was published Jul 18, 2022

A vulnerability, which was classified as critical, was found in Itech Job Portal Script 9.13....
Critical | Unreviewed | CVE-2017-20133 was published Jul 17, 2022

A flaw was found in pki-core, which could allow a user to get a certificate for another user...
Moderate | Unreviewed | CVE-2022-2393 was published Jul 15, 2022

A vulnerability has been identified in Opcenter Quality V13.1 (All versions < V13.1.20220624),...
High | Unreviewed | CVE-2022-33736 was published Jul 13, 2022

Improper permission control vulnerability in the Bluetooth module. Successful exploitation of this...
Moderate | Unreviewed | CVE-2021-40013 was published Jul 13, 2022

Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows...
Low | Unreviewed | CVE-2022-33689 was published Jul 13, 2022

Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker...
High | Unreviewed | CVE-2022-30755 was published Jul 13, 2022

Due to missing authentication check, SAP Business one License service API - version 10.0 allows...
High | Unreviewed | CVE-2022-28771 was published Jul 13, 2022

Multiple Lenze products of the cabinet series skip the password verification upon second login....
Critical | Unreviewed | CVE-2022-2302 was published Jul 12, 2022

Symantec Advanced Secure Gateway (ASG) and ProxySG are susceptible to an HTTP desync...
Critical | Unreviewed | CVE-2021-46825 was published Jul 8, 2022

Session 1.13.0 allows an attacker with physical access to the victim's device to bypass the...
Moderate | Unreviewed | CVE-2022-1955 was published Jul 1, 2022

An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force...
Critical | Unreviewed | CVE-2022-22487 was published Jul 1, 2022

By using a specific credential string, an attacker with network access to the device’s web...
Critical | Unreviewed | CVE-2022-2197 was published Jul 1, 2022

PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service...
Moderate | Unreviewed | CVE-2022-23719 was published Jul 1, 2022

A misconfiguration of RSA in PingID Mac Login prior to 1.1 is vulnerable to pre-computed...
High | Unreviewed | CVE-2021-41995 was published Jul 1, 2022

PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry...
Moderate | Unreviewed | CVE-2022-23725 was published Jul 1, 2022
ProTip! Advisories are also available from the GraphQL API.