Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,130 advisories

An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4,... Moderate Unreviewed
CVE-2021-4191 was published Mar 29, 2022
A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise... Moderate Unreviewed
CVE-2022-0862 was published Mar 24, 2022
Sudden swap of user auth tokens in Volto Moderate
CVE-2022-24740 was published for @plone/volto (npm) Mar 14, 2022
Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1... Moderate Unreviewed
CVE-2022-25816 was published Mar 11, 2022
Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows... Moderate Unreviewed
CVE-2022-25825 was published Mar 11, 2022
Incorrect Authentication in shopware Moderate
CVE-2022-24748 was published for shopware/core (Composer) Mar 10, 2022
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.12.5. Moderate Unreviewed
CVE-2022-0755 was published Mar 8, 2022
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a... Moderate Unreviewed
CVE-2022-23232 was published Mar 5, 2022
The biometric lock in Devolutions Password Hub for iOS before 2021.3.4 allows attackers to access... Moderate Unreviewed
CVE-2022-23849 was published Mar 4, 2022
The web interface of the 1734-AENTR communication module mishandles authentication for HTTP POST... Moderate Unreviewed
CVE-2020-14504 was published Feb 25, 2022
A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this... Moderate Unreviewed
CVE-2016-2124 was published Feb 19, 2022
An authorization bypass exploited by a user-controlled key in SpecificApps REST API in... Moderate Unreviewed
CVE-2021-46249 was published Feb 17, 2022
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated... Moderate Unreviewed
CVE-2021-43950 was published Feb 16, 2022
"catalog's registry v2 api exposed on unauthenticated path in Harbor" Moderate
CVE-2020-29662 was published for github.com/goharbor/harbor (Go) Feb 12, 2022
Microsoft SharePoint Server Security Feature BypassVulnerability. Moderate Unreviewed
CVE-2022-21968 was published Feb 10, 2022
Improper Authentication for Keycloak Moderate
CVE-2020-1718 was published for org.keycloak:keycloak-parent (Maven) Feb 9, 2022
After the initial setup process, some steps of setup.php file are reachable not only by super... Moderate Unreviewed
CVE-2022-23134 was published Feb 9, 2022
Limited ability to spoof SAML authentication with missing audience verification in Fleet Moderate
CVE-2022-23600 was published for github.com/fleetdm/fleet/v4 (Go) Feb 7, 2022
iangcarroll
Hitachi Energy LinkOne product, has a vulnerability due to a web server misconfiguration, that... Moderate Unreviewed
CVE-2021-40338 was published Jan 29, 2022
Improper Authentication in phpmyadmin Moderate
CVE-2022-23807 was published for phpmyadmin/phpmyadmin (Composer) Jan 28, 2022
Fresenius Kabi Agilia Link + version 3.0 has a default configuration page accessible without... Moderate Unreviewed
CVE-2021-33843 was published Jan 22, 2022
Improper Access Control in Onionshare Moderate
CVE-2022-21692 was published for onionshare-cli (pip) Jan 21, 2022
Improper Access Control in Onionshare Moderate
CVE-2022-21695 was published for onionshare-cli (pip) Jan 21, 2022
Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to... Moderate Unreviewed
CVE-2022-22284 was published Jan 11, 2022
Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to... Moderate Unreviewed
CVE-2022-22289 was published Jan 11, 2022
ProTip! Advisories are also available from the GraphQL API