GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,717
Maven: 5,000+
npm: 4,328
NuGet: 761
pip: 4,105
Pub: 12
RubyGems: 958
Rust: 1,065
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
1,544 advisories
Improper Access Control in GitHub repository zulip/zulip prior to 4.10.
High | Unreviewed | CVE-2021-3967 was published Feb 28, 2022

SFTPGo vulnerable to recovery codes abuse
High | CVE-2022-36071 was published for github.com/drakkan/sftpgo/v2 (Go) Sep 16, 2022

On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement...
High | Unreviewed | CVE-2021-22997 was published May 24, 2022

Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated,...
High | Unreviewed | CVE-2021-1600 was published May 24, 2022

Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control...
High | Unreviewed | CVE-2020-36125 was published May 24, 2022

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where...
High | Unreviewed | CVE-2021-1107 was published May 24, 2022

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over...
High | Unreviewed | CVE-2022-30238 was published Jun 3, 2022

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1...
High | Unreviewed | CVE-2021-41753 was published May 24, 2022

Agentflow BPM enterprise management system has improper authentication. A remote attacker with...
High | Unreviewed | CVE-2022-39038 was published Nov 10, 2022

Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative...
High | Unreviewed | CVE-2008-6300 was published May 17, 2022

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC)...
High | Unreviewed | CVE-2021-1579 was published May 24, 2022

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices....
High | Unreviewed | CVE-2021-40380 was published May 24, 2022

userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to...
High | Unreviewed | CVE-2008-7081 was published May 17, 2022

Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors,...
High | Unreviewed | CVE-2008-6445 was published May 17, 2022

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another...
High | Unreviewed | CVE-2021-28131 was published May 24, 2022

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is...
High | Unreviewed | CVE-2022-26975 was published Jun 3, 2022

Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns...
High | Unreviewed | CVE-2021-38137 was published May 24, 2022

Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only...
High | Unreviewed | CVE-2022-31463 was published Jun 3, 2022

Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers...
High | Unreviewed | CVE-2022-30749 was published Jun 8, 2022

Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access...
High | Unreviewed | CVE-2008-5945 was published May 17, 2022

OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access...
High | Unreviewed | CVE-2020-15078 was published May 24, 2022

There is an improper authentication vulnerability in FLMG-10 10.0.1.0(H100SP22C00). Successful...
High | Unreviewed | CVE-2022-22259 was published Jun 14, 2022

Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to...
High | Unreviewed | CVE-2008-4649 was published May 17, 2022

CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals...
High | Unreviewed | CVE-2021-37151 was published May 24, 2022

Certain NETGEAR smart switches are affected by a \n injection in the web UI's password field,...
High | Unreviewed | CVE-2021-41314 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.