Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

80 advisories

Loading
** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key... Low Unreviewed
CVE-2021-36368 was published Mar 14, 2022
HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) 4.91.00 does not properly... Low Unreviewed
CVE-2011-0279 was published May 17, 2022
A user without PR can reset user authentication failures information Low
CVE-2021-32729 was published for org.xwiki.platform:xwiki-platform-security-authentication-script (Maven) Jul 2, 2021
An authentication issue was addressed with improved state management. This issue is fixed in... Low Unreviewed
CVE-2022-22656 was published Mar 19, 2022
A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and... Low Unreviewed
CVE-2018-25030 was published Mar 29, 2022
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain... Low Unreviewed
CVE-2010-4211 was published May 17, 2022
Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get... Low Unreviewed
CVE-2022-25833 was published Apr 12, 2022
Improper Authentication in Apache Hadoop Low
CVE-2013-2192 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
Description: A person with physical access may be able to access contacts. This issue is fixed in... Low Unreviewed
CVE-2021-1862 was published May 24, 2022
IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to... Low Unreviewed
CVE-2022-22426 was published Jun 11, 2022
parse-server auth adapter app ID validation can be circumvented Low
CVE-2022-39231 was published for parse-server (npm) Sep 21, 2022
KarolisBan
The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39,... Low Unreviewed
CVE-2015-2047 was published May 17, 2022
The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9,... Low Unreviewed
CVE-2014-0348 was published May 17, 2022
VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote authenticated users to bypass... Low Unreviewed
CVE-2013-7292 was published May 17, 2022
The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics... Low Unreviewed
CVE-2013-2102 was published May 17, 2022
The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication,... Low Unreviewed
CVE-2013-4877 was published May 17, 2022
SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP 3G handsets, SoftBank... Low Unreviewed
CVE-2013-2310 was published May 17, 2022
Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to... Low Unreviewed
CVE-2013-0985 was published May 17, 2022
IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with... Low Unreviewed
CVE-2012-0717 was published May 17, 2022
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit,... Low Unreviewed
CVE-2011-2176 was published May 17, 2022
An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3.... Low Unreviewed
CVE-2019-5108 was published May 24, 2022
Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD... Low Unreviewed
CVE-2022-45430 was published Dec 27, 2022
Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote... Low Unreviewed
CVE-2022-45433 was published Dec 27, 2022
The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow... Low Unreviewed
CVE-2020-10570 was published May 24, 2022
An authentication bypass vulnerability exists in Microsoft YourPhoneCompanion application for... Low Unreviewed
CVE-2020-0943 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database