GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
143 advisories
Filter by severity
Missing Token Replay Detection in Saml2 Authentication services for ASP.NET
High
CVE-2020-5261
was published
for
Sustainsys.Saml2
(NuGet)
Mar 25, 2020
Authentication Bypass in hydra
Moderate
CVE-2020-5300
was published
for
github.com/ory/hydra
(Go)
May 27, 2021
An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7...
Critical
Unreviewed
CVE-2021-41030
was published
Dec 9, 2021
An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2...
Moderate
Unreviewed
CVE-2021-40170
was published
Dec 16, 2021
The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is...
Moderate
Unreviewed
CVE-2021-46145
was published
Jan 7, 2022
Capture-replay in Gitea
Critical
CVE-2021-45327
was published
for
github.com/go-gitea/gitea
(Go)
Feb 9, 2022
Authentication bypass by capture-replay in github.com/cosmos/ethermint
High
CVE-2021-25834
was published
for
github.com/cosmos/ethermint
(Go)
Feb 15, 2022
Authentication bypass by capture-replay in github.com/cosmos/ethermint
High
CVE-2021-25835
was published
for
github.com/cosmos/ethermint
(Go)
Feb 15, 2022
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for...
High
Unreviewed
CVE-2021-39364
was published
Feb 25, 2022
Multi-Factor Authentication issue in Laravel Fortify
High
CVE-2022-25838
was published
for
laravel/fortify
(Composer)
Feb 25, 2022
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an...
Critical
Unreviewed
CVE-2022-22806
was published
Mar 10, 2022
Authentication Bypass by Capture-replay in Apache Spark
High
CVE-2021-38296
was published
for
org.apache.spark:spark-core
(Maven)
Mar 11, 2022
The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door...
Moderate
Unreviewed
CVE-2022-27254
was published
Mar 25, 2022
SaltStack Salt Authentication Bypass by Capture-replay
High
CVE-2022-22936
was published
for
salt
(pip)
Mar 30, 2022
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series...
High
Unreviewed
CVE-2022-25159
was published
Apr 3, 2022
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric...
High
Unreviewed
CVE-2022-25155
was published
Apr 3, 2022
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to...
High
Unreviewed
CVE-2020-27374
was published
Apr 8, 2022
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange...
High
Unreviewed
CVE-2002-0054
was published
Apr 30, 2022
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product...
Critical
Unreviewed
CVE-2018-7790
was published
May 13, 2022
The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control,...
Critical
Unreviewed
CVE-2019-9659
was published
May 13, 2022
All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are...
High
Unreviewed
CVE-2018-17935
was published
May 13, 2022
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command...
Critical
Unreviewed
CVE-2018-17903
was published
May 13, 2022
A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode...
High
Unreviewed
CVE-2018-17176
was published
May 13, 2022
Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100)...
High
Unreviewed
CVE-2019-3915
was published
May 13, 2022
All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence...
High
Unreviewed
CVE-2018-7356
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API