GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
230 advisories
A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and...
Moderate | Unreviewed | CVE-2022-20830 was published Oct 11, 2022

The Baxter Spectrum WBM does not perform mutual authentication with the gateway server host. This...
Moderate | Unreviewed | CVE-2022-26394 was published Sep 10, 2022

The Duplicator WordPress plugin before 1.4.7.1 does not authenticate or authorize visitors before...
Moderate | Unreviewed | CVE-2022-2552 was published Aug 23, 2022

Under certain circumstances an unauthenticated user could access the web API for Metasys ADS...
Moderate | Unreviewed | CVE-2021-36200 was published Jul 23, 2022

In Montala ResourceSpace through 9.8 before r19636, csv_export_results_metadata.php allows...
Moderate | Unreviewed | CVE-2022-31260 was published Jul 18, 2022

PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service...
Moderate | Unreviewed | CVE-2022-23719 was published Jul 1, 2022

The WPQA Builder WordPress plugin before 5.4 which is a companion to the Discy and Himer, lacks...
Moderate | Unreviewed | CVE-2022-1598 was published Jun 9, 2022

The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY...
Moderate | Unreviewed | CVE-2022-22309 was published May 25, 2022

** DISPUTED ** BIRD through 2.0.7 does not provide functionality for password authentication of...
Moderate | Unreviewed | CVE-2021-26928 was published May 24, 2022

A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials....
Moderate | Unreviewed | CVE-2020-25634 was published May 24, 2022

The /rest/api/latest/groupuserpicker resource in Jira before version 8.4.0 allows remote...
Moderate | Unreviewed | CVE-2019-8449 was published May 24, 2022

Several web interfaces in D-Link DIR-868LW 1.12b have no authentication requirements for access,...
Moderate | Unreviewed | CVE-2021-33259 was published May 24, 2022

Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the...
Moderate | Unreviewed | CVE-2021-41568 was published May 24, 2022

Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers...
Moderate | Unreviewed | CVE-2021-41976 was published May 24, 2022

Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker...
Moderate | Unreviewed | CVE-2021-39879 was published May 24, 2022

A vulnerability has been identified in SINEMA Server (All versions < V14 SP3). Missing...
Moderate | Unreviewed | CVE-2019-10941 was published May 24, 2022

HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR...
Moderate | Unreviewed | CVE-2021-27668 was published May 24, 2022

Rapid7 Nexpose version 6.6.95 and earlier allows authenticated users of the Security Console to...
Moderate | Unreviewed | CVE-2021-31868 was published May 24, 2022

An issue in HNAP1/GetMultipleHNAPs of Motorola CX2 router CX 1.0.2 Build 20190508 Rel.97360n...
Moderate | Unreviewed | CVE-2020-21936 was published May 24, 2022

A CWE-306: Missing Authentication for Critical Function vulnerability exists in C-Bus Toolkit v1...
Moderate | Unreviewed | CVE-2021-22784 was published May 24, 2022

White Shark System (WSS) 1.3.2 has a sensitive information disclosure vulnerability. The...
Moderate | Unreviewed | CVE-2020-20472 was published May 24, 2022

There is a Missing Authentication for Critical Function vulnerability in Huawei Smartphone....
Moderate | Unreviewed | CVE-2021-22316 was published May 24, 2022

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired...
Moderate | Unreviewed | CVE-2020-24588 was published May 24, 2022

A vulnerability in the web-based management interface of Cisco HyperFlex HX Data Platform could...
Moderate | Unreviewed | CVE-2021-1499 was published May 24, 2022

The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4...
Moderate | Unreviewed | CVE-2021-24219 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.