Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

128 advisories

Loading
Internal NCryptDecrypt method could be used externally from WindowsHello library. Moderate
CVE-2020-11005 was published for HaemmerElectronics.SeppPenner.WindowsHello (NuGet) Apr 14, 2020
Even if the authentication fails for local service authentication, the requested command could... Critical Unreviewed
CVE-2022-46732 was published Jan 18, 2023
Navigating to a specific URL with a patient ID number will result in the server generating a PDF... Moderate Unreviewed
CVE-2022-1067 was published Apr 12, 2022
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service... High Unreviewed
CVE-2022-22189 was published Apr 15, 2022
Successful exploitation of this vulnerability on Claroty Secure Remote Access (SRA) Site versions... Moderate Unreviewed
CVE-2021-32958 was published May 24, 2022
The impacted products, when configured to use SSO, are affected by an improper authentication... Critical Unreviewed
CVE-2021-43935 was published Dec 16, 2021
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard High
CVE-2022-36093 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
Delta Electronics DIAEnergie Version 1.7.5 and prior may allow an attacker to add a new... Critical Unreviewed
CVE-2021-32967 was published May 24, 2022
This vulnerability allows remote attackers to bypass authentication on affected installations of... Critical Unreviewed
CVE-2022-35869 was published Jul 26, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on... Moderate Unreviewed
CVE-2020-17409 was published May 24, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on... Moderate Unreviewed
CVE-2020-27863 was published May 24, 2022
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected... High Unreviewed
CVE-2020-27865 was published May 24, 2022
This vulnerability allows network-adjacent attackers to bypass authentication on affected... High Unreviewed
CVE-2020-27866 was published May 24, 2022
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated... Critical Unreviewed
CVE-2021-41292 was published May 24, 2022
Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an... Critical Unreviewed
CVE-2021-36308 was published May 24, 2022
Access Control Bypass Moderate
CVE-2018-20321 was published for github.com/rancher/rancher (Go) Jun 23, 2021
Mesa Labs AmegaView Versions 3.0 uses default cookies that could be set to bypass authentication... Critical Unreviewed
CVE-2021-27453 was published Dec 22, 2021
An unauthenticated remote attacker can access mySCADA myPRO Versions 8.20.0 and prior without any... Critical Unreviewed
CVE-2021-43985 was published Dec 24, 2021
The standard access path of the IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) requires... High Unreviewed
CVE-2021-33017 was published Dec 28, 2021
This vulnerability allows remote attackers to bypass authentication on affected installations of... Critical Unreviewed
CVE-2022-24047 was published Feb 19, 2022
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster... High Unreviewed
CVE-2018-10841 was published May 13, 2022
Authentication Bypass Using an Alternate Path or Channel in SpringSource Spring Security and Acegi Security Moderate
CVE-2010-3700 was published for org.acegisecurity:acegi-security (Maven) May 14, 2022
westonsteimel
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's... High Unreviewed
CVE-2021-35530 was published Jun 8, 2022
Authentication Bypass Using an Alternate Path or Channel and Authentication Bypass by Primary Weakness in rucio-webui High
GHSA-v988-828w-xvf2 was published for rucio-webui (pip) Oct 22, 2021
tdunlap607
This vulnerability allows network-adjacent attackers to bypass authentication on affected... Moderate Unreviewed
CVE-2020-15633 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API