GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
37 advisories
Filter by severity
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the...
Critical
Unreviewed
CVE-2021-41974
was published
May 24, 2022
Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to...
Critical
Unreviewed
CVE-2021-32523
was published
May 24, 2022
Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1.
Critical
Unreviewed
CVE-2022-2595
was published
Aug 2, 2022
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do...
Critical
Unreviewed
CVE-2016-5799
was published
May 17, 2022
EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which...
Critical
Unreviewed
CVE-2016-0922
was published
May 17, 2022
Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3...
Critical
Unreviewed
CVE-2016-6825
was published
May 17, 2022
4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated...
Critical
Unreviewed
CVE-2021-42338
was published
May 24, 2022
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT...
Critical
Unreviewed
CVE-2020-12500
was published
May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
Critical
Unreviewed
CVE-2021-36029
was published
May 24, 2022
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and...
Critical
Unreviewed
CVE-2015-3954
was published
May 13, 2022
AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI...
Critical
Unreviewed
CVE-2015-5463
was published
May 14, 2022
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log...
Critical
Unreviewed
CVE-2016-10734
was published
May 14, 2022
The listed versions of AVEVA Plant SCADA and AVEVA Telemetry Server are vulnerable to an improper...
Critical
Unreviewed
CVE-2023-1256
was published
Mar 16, 2023
Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and...
Critical
Unreviewed
CVE-2022-39862
was published
Oct 7, 2022
A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact...
Critical
Unreviewed
CVE-2022-27583
was published
Nov 1, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
Critical
Unreviewed
CVE-2022-21196
was published
Feb 19, 2022
EisBaer Scada - CWE-285: Improper Authorization
Critical
Unreviewed
CVE-2023-42491
was published
Oct 25, 2023
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 ...
Critical
Unreviewed
CVE-2021-28799
was published
May 24, 2022
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows...
Critical
Unreviewed
CVE-2022-0993
was published
Apr 20, 2022
A vulnerability in the Authentication, Authorization, and Accounting (AAA) feature of Cisco IOS...
Critical
Unreviewed
CVE-2023-20186
was published
Sep 27, 2023
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches...
Critical
Unreviewed
CVE-2019-1912
was published
May 24, 2022
Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized...
Critical
Unreviewed
CVE-2018-14670
was published
May 24, 2022
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an...
Critical
Unreviewed
CVE-2019-13550
was published
May 24, 2022
Improper Authorization vulnerability in ForgeRock Inc. Access Management allows Authentication...
Critical
Unreviewed
CVE-2022-3748
was published
Apr 14, 2023
This vulnerability exists in Milesight 4K/H.265 Series NVR models (MS-Nxxxx-xxG, MS-Nxxxx-xxE, MS...
Critical
Unreviewed
CVE-2023-30467
was published
Apr 28, 2023
ProTip!
Advisories are also available from the
GraphQL API