Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,391 advisories

Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary... High Unreviewed
CVE-2021-36350 was published Dec 22, 2021
Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible... Critical Unreviewed
CVE-2021-27451 was published Dec 22, 2021
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated... Critical Unreviewed
CVE-2021-44675 was published Dec 21, 2021
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass... Critical Unreviewed
CVE-2021-22057 was published Dec 21, 2021
Authelia vulnerable to an authentication bypassed with malformed request URI on nginx Critical
CVE-2021-32637 was published for github.com/authelia/authelia/v4 (Go) Dec 20, 2021
TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in ... High Unreviewed
CVE-2021-40851 was published Dec 18, 2021
Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation,... High Unreviewed
CVE-2021-40826 was published Dec 16, 2021
In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass.... High Unreviewed
CVE-2021-0649 was published Dec 16, 2021
The impacted products, when configured to use SSO, are affected by an improper authentication... Critical Unreviewed
CVE-2021-43935 was published Dec 16, 2021
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated... Critical Unreviewed
CVE-2021-44524 was published Dec 15, 2021
Sysaid API User Enumeration - Attacker sending requests to specific api path without any... Moderate Unreviewed
CVE-2021-36721 was published Dec 15, 2021
glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php. Critical Unreviewed
CVE-2021-44949 was published Dec 15, 2021
The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as... Critical Unreviewed
CVE-2021-4073 was published Dec 15, 2021
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for... Moderate Unreviewed
CVE-2021-44848 was published Dec 14, 2021
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the ... High Unreviewed
CVE-2021-40856 was published Dec 14, 2021
An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not... Critical Unreviewed
CVE-2021-44152 was published Dec 14, 2021
Lack of an access control check in the External Status Check feature allowed any authenticated... Moderate Unreviewed
CVE-2021-39916 was published Dec 14, 2021
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code... Critical Unreviewed
CVE-2021-44515 was published Dec 13, 2021
Improper Authentication in HashiCorp Nomad High
CVE-2021-43415 was published for github.com/hashicorp/nomad (Go) Dec 10, 2021
A improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the... High Unreviewed
CVE-2021-43068 was published Dec 10, 2021
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers... High Unreviewed
CVE-2021-20145 was published Dec 10, 2021
An authentication bypass vulnerability exists in the get_aes_key_info_by_packetid() function of... High Unreviewed
CVE-2021-21955 was published Dec 10, 2021
ManageEngine's OpUtils 12.5.556 and prior allow access to a few audit directories without... Critical Unreviewed
CVE-2021-44514 was published Dec 10, 2021
Potential bypass of an upstream access control based on URL paths in Django High
CVE-2021-44420 was published for Django (pip) Dec 9, 2021
Improper Authentication in Flask-AppBuilder High
CVE-2021-41265 was published for Flask-AppBuilder (pip) Dec 9, 2021
ProTip! Advisories are also available from the GraphQL API