Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

37 advisories

Loading
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the... Critical Unreviewed
CVE-2021-41974 was published May 24, 2022
Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to... Critical Unreviewed
CVE-2021-32523 was published May 24, 2022
Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1. Critical Unreviewed
CVE-2022-2595 was published Aug 2, 2022
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do... Critical Unreviewed
CVE-2016-5799 was published May 17, 2022
EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which... Critical Unreviewed
CVE-2016-0922 was published May 17, 2022
Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3... Critical Unreviewed
CVE-2016-6825 was published May 17, 2022
4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated... Critical Unreviewed
CVE-2021-42338 was published May 24, 2022
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT... Critical Unreviewed
CVE-2020-12500 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Critical Unreviewed
CVE-2021-36029 was published May 24, 2022
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and... Critical Unreviewed
CVE-2015-3954 was published May 13, 2022
AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI... Critical Unreviewed
CVE-2015-5463 was published May 14, 2022
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log... Critical Unreviewed
CVE-2016-10734 was published May 14, 2022
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper... Critical Unreviewed
CVE-2023-1256 was published Mar 16, 2023
Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and... Critical Unreviewed
CVE-2022-39862 was published Oct 7, 2022
A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact... Critical Unreviewed
CVE-2022-27583 was published Nov 1, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... Critical Unreviewed
CVE-2022-21196 was published Feb 19, 2022
EisBaer Scada - CWE-285: Improper Authorization Critical Unreviewed
CVE-2023-42491 was published Oct 25, 2023
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 ... Critical Unreviewed
CVE-2021-28799 was published May 24, 2022
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows... Critical Unreviewed
CVE-2022-0993 was published Apr 20, 2022
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS... Critical Unreviewed
CVE-2023-20186 was published Sep 27, 2023
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches... Critical Unreviewed
CVE-2019-1912 was published May 24, 2022
Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized... Critical Unreviewed
CVE-2018-14670 was published May 24, 2022
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an... Critical Unreviewed
CVE-2019-13550 was published May 24, 2022
Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication... Critical Unreviewed
CVE-2022-3748 was published Apr 14, 2023
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS... Critical Unreviewed
CVE-2023-30467 was published Apr 28, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database