GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
80 advisories
** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key...
Low | Unreviewed | CVE-2021-36368 was published on Mar 14, 2022

HP Multifunction Peripheral (MFP) Digital Sending Software (DSS) 4.91.00 does not properly...
Low | Unreviewed | CVE-2011-0279 was published on May 17, 2022

A user without PR can reset user authentication failures information
Low | CVE-2021-32729 was published for org.xwiki.platform:xwiki-platform-security-authentication-script (Maven) on Jul 2, 2021

An authentication issue was addressed with improved state management. This issue is fixed in...
Low | Unreviewed | CVE-2022-22656 was published on Mar 19, 2022

A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and...
Low | Unreviewed | CVE-2018-25030 was published on Mar 29, 2022

The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain...
Low | Unreviewed | CVE-2010-4211 was published on May 17, 2022

Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get...
Low | Unreviewed | CVE-2022-25833 was published on Apr 12, 2022

Improper Authentication in Apache Hadoop
Low | CVE-2013-2192 was published for org.apache.hadoop:hadoop-common (Maven) on May 17, 2022

Description: A person with physical access may be able to access contacts. This issue is fixed in...
Low | Unreviewed | CVE-2021-1862 was published on May 24, 2022

IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to...
Low | Unreviewed | CVE-2022-22426 was published on Jun 11, 2022

parse-server auth adapter app ID validation can be circumvented
Low | CVE-2022-39231 was published for parse-server (npm) on Sep 21, 2022

The rsaauth extension in TYPO3 4.3.0 through 4.3.14, 4.4.0 through 4.4.15, 4.5.0 through 4.5.39,...
Low | Unreviewed | CVE-2015-2047 was published on May 17, 2022

The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9,...
Low | Unreviewed | CVE-2014-0348 was published on May 17, 2022

VASCO IDENTIKEY Authentication Server (IAS) 3.4.x allows remote authenticated users to bypass...
Low | Unreviewed | CVE-2013-7292 was published on May 17, 2022

The default configuration of Red Hat JBoss Portal before 6.1.0 enables the JGroups diagnostics...
Low | Unreviewed | CVE-2013-2102 was published on May 17, 2022

The Verizon Wireless Network Extender SCS-26UC4 and SCS-2U01 does not use CAVE authentication,...
Low | Unreviewed | CVE-2013-4877 was published on May 17, 2022

SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP 3G handsets, SoftBank...
Low | Unreviewed | CVE-2013-2310 was published on May 17, 2022

Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to...
Low | Unreviewed | CVE-2013-0985 was published on May 17, 2022

IBM WebSphere Application Server 7.0 before 7.0.0.23, when a certain SSLv2 configuration with...
Low | Unreviewed | CVE-2012-0717 was published on May 17, 2022

GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit,...
Low | Unreviewed | CVE-2011-2176 was published on May 17, 2022

An exploitable denial-of-service vulnerability exists in the Linux kernel prior to mainline 5.3....
Low | Unreviewed | CVE-2019-5108 was published on May 24, 2022

Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD...
Low | Unreviewed | CVE-2022-45430 was published on Dec 27, 2022

Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote...
Low | Unreviewed | CVE-2022-45433 was published on Dec 27, 2022

The Telegram application through 5.12 for Android, when Show Popup is enabled, might allow...
Low | Unreviewed | CVE-2020-10570 was published on May 24, 2022

An authentication bypass vulnerability exists in Microsoft YourPhoneCompanion application for...
Low | Unreviewed | CVE-2020-0943 was published on May 24, 2022