Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,339
Erlang
31
GitHub Actions
22
Go
2,099
Maven
5,000+
npm
3,763
NuGet
678
pip
3,448
Pub
12
RubyGems
892
Rust
883
Swift
37
Unreviewed advisories
All unreviewed
5,000+

3,612 advisories

Loading
There is a Improper Authentication vulnerability in Huawei Smartphone.Successful exploitation of... High Unreviewed
CVE-2021-37100 was published Dec 8, 2021
The GOautodial API prior to commit 3c3a979 made on October 13th, 2021 exposes an API router that... High Unreviewed
CVE-2021-43175 was published Dec 8, 2021
Maharashtra State Electricity Board Mahavitara Android Application 8.20 and prior is vulnerable... Critical Unreviewed
CVE-2021-41716 was published Dec 8, 2021
It was possible to bypass 2FA for LDAP users and access some specific pages with Basic... Critical Unreviewed
CVE-2021-39890 was published Dec 7, 2021
The authentication algorithm of the WebHMI portal is sound, but the implemented mechanism can be... Critical Unreviewed
CVE-2021-43931 was published Dec 7, 2021
Improper access control vulnerability in ELECOM LAN routers (WRC-1167GST2 firmware v1.25 and... High Unreviewed
CVE-2021-20861 was published Dec 2, 2021
IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the... Moderate Unreviewed
CVE-2021-29779 was published Dec 2, 2021
API token verification can be bypassed in NodeBB Critical
CVE-2021-43786 was published for nodebb (npm) Nov 30, 2021
paul-gerste-sonarsource
Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and... Critical Unreviewed
CVE-2021-44077 was published Nov 30, 2021
A vulnerability in the web application of Cisco Common Services Platform Collector (CSPC) could... Moderate Unreviewed
CVE-2021-40130 was published Nov 20, 2021
Improper Authentication in Apache ShenYu Admin Critical
CVE-2021-37580 was published for org.apache.shenyu:shenyu-admin (Maven) Nov 17, 2021
intrigus-lgtm
Showdoc File Upload Vulnerability Critical
CVE-2021-41745 was published for showdoc/showdoc (Composer) Oct 25, 2021
Deleted Admin Can Sign In to Admin Interface High
CVE-2021-41126 was published for october/october (Composer) Oct 6, 2021
Authentication bypass for viewing and deletions of snapshots High
CVE-2021-39226 was published for github.com/grafana/grafana (Go) Oct 5, 2021
theblackturtle
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification High
CVE-2021-41129 was published for pterodactyl/panel (Composer) Oct 4, 2021
Improper Access Control in passport-oauth2 Moderate
CVE-2021-41580 was published for passport-oauth2 (npm) Sep 29, 2021
Apache Shiro vulnerable to a specially crafted HTTP request causing an authentication bypass Critical
CVE-2021-41303 was published for org.apache.shiro:shiro-core (Maven) Sep 20, 2021
User impersonation due to incorrect handling of the login JWT High
CVE-2021-39177 was published for org.geysermc:connector (Maven) Sep 7, 2021
Redned235 Camotoy
clankstar Ry0taK
Authentication bypass in Apache Zeppelin High
CVE-2020-13929 was published for org.apache.zeppelin:zeppelin (Maven) Sep 7, 2021
Improper Authentication High
CVE-2019-20894 was published for github.com/traefik/traefik/v2 (Go) Sep 2, 2021
Dolibarr vulnerable to Improper Authentication and Improper Access Control High
CVE-2021-25956 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
October CMS auth bypass and account takeover High
CVE-2021-29487 was published for october/system (Composer) Aug 30, 2021
Account Takeover in Octobercms High
CVE-2021-32648 was published for october/system (Composer) Aug 30, 2021
Unauthenticated SQL Injection in Cachet High
CVE-2021-39165 was published for cachethq/cachet (Composer) Aug 30, 2021
phith0n
parse-server new anonymous user session acts as if it's created with password Moderate
CVE-2021-39138 was published for parse-server (npm) Aug 23, 2021
cbaker6
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database