Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

319 advisories

Loading
After requesting multiple permissions, and closing the first permission panel, subsequent... Moderate Unreviewed
CVE-2021-29987 was published May 24, 2022
Lin-CMS-Flask vulnerable to Improper Authentication Critical
CVE-2020-18698 was published for Lin-CMS (pip) May 24, 2022
IBM Security Guardium 11.2 uses an inadequate account lockout setting that could allow a remote... High Unreviewed
CVE-2021-20427 was published May 24, 2022
OpenStack Keystone allows information disclosure during account locking High
CVE-2021-38155 was published for keystone (pip) May 24, 2022
The pairing procedure used by the Vizio P65-F1 6.0.31.4-2 and E50x-E1 10.0.31.4-2 Smart TVs and... High Unreviewed
CVE-2021-27943 was published May 24, 2022
An issue was discovered in LemonLDAP::NG before 2.0.12. Session cache corruption can lead to... High Unreviewed
CVE-2021-35472 was published May 24, 2022
Information disclosure in Logon Page in MV's mConnect application v02.001.00 allows an attacker... High Unreviewed
CVE-2020-23283 was published May 24, 2022
An issue was discovered in Stormshield SNS through 4.2.1. A brute-force attack can occur. High Unreviewed
CVE-2021-28127 was published May 24, 2022
In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in... Moderate Unreviewed
CVE-2021-33190 was published May 24, 2022
It was found that all versions of 3Scale developer portal lacked brute force protections. An... High Unreviewed
CVE-2021-3412 was published May 24, 2022
Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and... Critical Unreviewed
CVE-2021-22737 was published May 24, 2022
Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device, able to... High Unreviewed
CVE-2020-26556 was published May 24, 2022
InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is... Moderate Unreviewed
CVE-2021-29023 was published May 24, 2022
Gestsup before 3.2.10 allows account takeover through the password recovery functionality (remote... Critical Unreviewed
CVE-2021-31646 was published May 24, 2022
An issue was discovered in the Linux kernel before 5.11.11. The BPF subsystem does not properly... Moderate Unreviewed
CVE-2021-29648 was published May 24, 2022
** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by... High Unreviewed
CVE-2021-28248 was published May 24, 2022
Advantech Spectre RT ERT351 Versions 5.1.3 and prior has insufficient login authentication... Critical Unreviewed
CVE-2019-18235 was published May 24, 2022
IBM Spectrum Scale 5.0.0 through 5.0.5.5 and 5.1.0 through 5.1.0.2 uses an inadequate account... Moderate Unreviewed
CVE-2020-4891 was published May 24, 2022
A vulnerability has been identified in RUGGEDCOM RM1224 (V6.3), SCALANCE M-800 (V6.3), SCALANCE... High Unreviewed
CVE-2021-25676 was published May 24, 2022
An issue was discovered in AdGuard before 0.105.2. An attacker able to get the user's cookie is... High Unreviewed
CVE-2021-27935 was published May 24, 2022
The telnet administrator service running on port 650 on Gigaset DX600A v41.00-175 devices does... Critical Unreviewed
CVE-2021-25309 was published May 24, 2022
EyesOfNetwork 5.3-10 uses an integer of between 8 and 10 digits for the session ID, which might... Critical Unreviewed
CVE-2021-27514 was published May 24, 2022
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. The login... Critical Unreviewed
CVE-2020-35565 was published May 24, 2022
The Sovremennye Delovye Tekhnologii FX Aggregator terminal client 1 allows attackers to cause a... High Unreviewed
CVE-2021-27188 was published May 24, 2022
Improper restriction of excessive authentication attempts in LOGITEC LAN-WH450N/GR allows an... Moderate Unreviewed
CVE-2021-20635 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database