Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,359
Erlang
33
GitHub Actions
22
Go
2,124
Maven
5,000+
npm
3,787
NuGet
683
pip
3,467
Pub
12
RubyGems
894
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

185 advisories

Loading
PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be... Moderate Unreviewed
CVE-2022-40725 was published Apr 25, 2023
In multiple functions of AccountManagerService.java, there is a possible loading of arbitrary... High Unreviewed
CVE-2023-21098 was published Apr 19, 2023
The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in... Critical Unreviewed
CVE-2023-2027 was published Apr 15, 2023
A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series... Moderate Unreviewed
CVE-2023-20018 was published Jan 20, 2023
Even if the authentication fails for local service authentication, the requested command could... Critical Unreviewed
CVE-2022-46732 was published Jan 18, 2023
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus... High Unreviewed
CVE-2022-47578 was published Dec 20, 2022
Unauthorized access to Gateway user capabilities Critical Unreviewed
CVE-2022-27510 was published Nov 9, 2022
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service... High Unreviewed
CVE-2022-2031 was published Aug 26, 2022
This vulnerability allows remote attackers to bypass authentication on affected installations of... Critical Unreviewed
CVE-2022-35869 was published Jul 26, 2022
PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service... Moderate Unreviewed
CVE-2022-23719 was published Jul 1, 2022
PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry... Moderate Unreviewed
CVE-2022-23725 was published Jul 1, 2022
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's... High Unreviewed
CVE-2021-35530 was published Jun 8, 2022
SQL injection and file upload attacks are possible due to insufficient validation of input values... Critical Unreviewed
CVE-2021-26634 was published Jun 3, 2022
Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an... Critical Unreviewed
CVE-2021-36308 was published May 24, 2022
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated... Critical Unreviewed
CVE-2021-41292 was published May 24, 2022
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new... Critical Unreviewed
CVE-2021-32967 was published May 24, 2022
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected... High Unreviewed
CVE-2020-27865 was published May 24, 2022
This vulnerability allows network-adjacent attackers to bypass authentication on affected... High Unreviewed
CVE-2020-27866 was published May 24, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on... Moderate Unreviewed
CVE-2020-27863 was published May 24, 2022
The SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote... Critical Unreviewed
CVE-2020-10148 was published May 24, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on... Moderate Unreviewed
CVE-2020-17409 was published May 24, 2022
This vulnerability allows network-adjacent attackers to bypass authentication on affected... Moderate Unreviewed
CVE-2020-15633 was published May 24, 2022
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability.... Critical Unreviewed
CVE-2019-3758 was published May 24, 2022
Datalogic AV7000 Linear barcode scanner all versions prior to 4.6.0.0 is vulnerable to... High Unreviewed
CVE-2019-13526 was published May 24, 2022
Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions... Moderate Unreviewed
CVE-2021-32958 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database