Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,785
Erlang
36
GitHub Actions
29
Go
2,368
Maven
5,000+
npm
3,988
NuGet
720
pip
3,779
Pub
12
RubyGems
926
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,291 advisories

Loading
After the initial setup process, some steps of setup.php file are reachable not only by super... Moderate Unreviewed
CVE-2022-23134 was published Feb 9, 2022
Limited ability to spoof SAML authentication with missing audience verification in Fleet Moderate
CVE-2022-23600 was published for github.com/fleetdm/fleet/v4 (Go) Feb 7, 2022
iangcarroll
Hitachi Energy LinkOne product, has a vulnerability due to a web server misconfiguration, that... Moderate Unreviewed
CVE-2021-40338 was published Jan 29, 2022
Improper Authentication in phpmyadmin Moderate
CVE-2022-23807 was published for phpmyadmin/phpmyadmin (Composer) Jan 28, 2022
Fresenius Kabi Agilia Link + version 3.0 has a default configuration page accessible without... Moderate Unreviewed
CVE-2021-33843 was published Jan 22, 2022
Improper Access Control in Onionshare Moderate
CVE-2022-21692 was published for onionshare-cli (pip) Jan 21, 2022
Improper Access Control in Onionshare Moderate
CVE-2022-21695 was published for onionshare-cli (pip) Jan 21, 2022
Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to... Moderate Unreviewed
CVE-2022-22284 was published Jan 11, 2022
Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to... Moderate Unreviewed
CVE-2022-22289 was published Jan 11, 2022
Affected versions of Atlassian Jira Server and Data Center allow authenticated remote attackers... Moderate Unreviewed
CVE-2021-43946 was published Jan 6, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from... Moderate Unreviewed
CVE-2021-20150 was published Dec 31, 2021
Sysaid API User Enumeration - Attacker sending requests to specific api path without any... Moderate Unreviewed
CVE-2021-36721 was published Dec 15, 2021
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for... Moderate Unreviewed
CVE-2021-44848 was published Dec 14, 2021
Lack of an access control check in the External Status Check feature allowed any authenticated... Moderate Unreviewed
CVE-2021-39916 was published Dec 14, 2021
Potential bypass of an upstream access control based on URL paths in Django Moderate
CVE-2021-44420 was published for Django (pip) Dec 9, 2021
Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira... Moderate Unreviewed
CVE-2021-41309 was published Dec 9, 2021
IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the... Moderate Unreviewed
CVE-2021-29779 was published Dec 2, 2021
A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could... Moderate Unreviewed
CVE-2021-40130 was published Nov 20, 2021
Improper Access Control in passport-oauth2 Moderate
CVE-2021-41580 was published for passport-oauth2 (npm) Sep 29, 2021
parse-server new anonymous user session acts as if it's created with password Moderate
CVE-2021-39138 was published for parse-server (npm) Aug 23, 2021
cbaker6
Authentication Bypass by Alternate Name in Apache Tomcat Moderate
CVE-2021-30640 was published for org.apache.tomcat:tomcat (Maven) Aug 13, 2021
Utils.readChallengeTx does not verify the server account signature Moderate
CVE-2021-32738 was published for stellar-sdk (npm) Jul 2, 2021
leighmcculloch
Authentication granted to all firewalls instead of just one Moderate
CVE-2021-32693 was published for symfony/security-http (Composer) Jun 21, 2021
gndk mynameisbogdan
pwarchol Warxcell wouterj adrienlamotte
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Authentication bypass in SilverStripe GraphQL Moderate
CVE-2020-26136 was published for silverstripe/graphql (Composer) Jun 10, 2021
G-Rath
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database