Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

51 advisories

Loading
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via... Critical Unreviewed
CVE-2023-29974 was published Nov 8, 2023
An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain... Critical Unreviewed
CVE-2023-24049 was published Dec 5, 2023
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for... Critical Unreviewed
CVE-2023-37756 was published Sep 14, 2023
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the... Critical Unreviewed
CVE-2023-37503 was published Oct 19, 2023
There are no requirements for setting a complex password for PiiGAB M-Bus, which... Critical Unreviewed
CVE-2023-34995 was published Jul 7, 2023
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability.... Critical Unreviewed
CVE-2019-3758 was published May 24, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1).... Critical Unreviewed
CVE-2019-13918 was published May 24, 2022
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud... Critical Unreviewed
CVE-2019-9950 was published May 24, 2022
** DISPUTED ** An issue was discovered in SMA Solar Technology products. All inverters have a... Critical Unreviewed
CVE-2017-9853 was published May 13, 2022
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new... Critical Unreviewed
CVE-2023-49238 was published Jan 9, 2024
Apache InLong has Weak Password Requirements in Apache InLong Critical
CVE-2023-31098 was published for org.apache.inlong:manager-pojo (Maven) Jul 6, 2023
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been... Critical Unreviewed
CVE-2023-0641 was published Feb 2, 2023
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain... Critical Unreviewed
CVE-2022-32513 was published Jan 31, 2023
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the... Critical Unreviewed
CVE-2021-43036 was published Dec 7, 2021
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have... Critical Unreviewed
CVE-2022-35280 was published Aug 11, 2022
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application... Critical Unreviewed
CVE-2018-19064 was published May 13, 2022
Baseon Lantronix MSS devices do not require a password for TELNET access. Critical Unreviewed
CVE-2018-12925 was published May 13, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have... Critical Unreviewed
CVE-2018-1372 was published May 13, 2022
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not... Critical Unreviewed
CVE-2017-1601 was published May 13, 2022
An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can... Critical Unreviewed
CVE-2017-14189 was published May 13, 2022
The Epson "EasyMP" software is designed to remotely stream a users computer to supporting... Critical Unreviewed
CVE-2017-12861 was published May 13, 2022
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have... Critical Unreviewed
CVE-2017-1221 was published May 13, 2022
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong... Critical Unreviewed
CVE-2017-1196 was published May 13, 2022
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and... Critical Unreviewed
CVE-2017-16727 was published May 13, 2022
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain... Critical Unreviewed
CVE-2022-37164 was published Sep 9, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database