GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
311 advisories
Filter by severity
Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR...
Critical
Unreviewed
CVE-2021-42783
was published
Nov 24, 2021
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an...
Critical
Unreviewed
CVE-2021-22279
was published
Dec 14, 2021
An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not...
Critical
Unreviewed
CVE-2021-44152
was published
Dec 14, 2021
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise...
Critical
Unreviewed
CVE-2021-36888
was published
Dec 16, 2021
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces...
Critical
Unreviewed
CVE-2021-45232
was published
Dec 28, 2021
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip...
Critical
Unreviewed
CVE-2021-28506
was published
Jan 15, 2022
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive,...
Critical
Unreviewed
CVE-2022-23227
was published
Jan 15, 2022
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component:...
Critical
Unreviewed
CVE-2021-35587
was published
Jan 20, 2022
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause...
Critical
Unreviewed
CVE-2021-22805
was published
Feb 12, 2022
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause...
Critical
Unreviewed
CVE-2021-22823
was published
Feb 12, 2022
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands...
Critical
Unreviewed
CVE-2020-10640
was published
Feb 25, 2022
Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic...
Critical
Unreviewed
CVE-2022-25922
was published
Mar 11, 2022
Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) may allow an...
Critical
Unreviewed
CVE-2022-25247
was published
Mar 17, 2022
When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows...
Critical
Unreviewed
CVE-2022-25251
was published
Mar 17, 2022
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).
Critical
Unreviewed
CVE-2022-26501
was published
Mar 18, 2022
A vulnerability is in the 'wx.html' page of the WAVLINK AC1200, version WAVLINK-A42W-1.27.6...
Critical
Unreviewed
CVE-2021-44259
was published
Mar 18, 2022
In Totolink A3100R V5.9c.4577, multiple pages can be read by curl or Burp Suite without...
Critical
Unreviewed
CVE-2021-46009
was published
Apr 1, 2022
AVEVA System Platform versions 2017 through 2020 R2 P01 does not perform any authentication for...
Critical
Unreviewed
CVE-2021-33008
was published
Apr 5, 2022
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows...
Critical
Unreviewed
CVE-2022-0992
was published
Apr 20, 2022
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows...
Critical
Unreviewed
CVE-2022-0993
was published
Apr 20, 2022
xlockmore 5.13 allows potential xlock bypass when FVWM switches to the same virtual desktop as a...
Critical
Unreviewed
CVE-2006-0062
was published
Apr 21, 2022
Missing authentication for critical function in AssetView prior to Ver.13.2.0 allows a remote...
Critical
Unreviewed
CVE-2022-28719
was published
Apr 29, 2022
Multiple Version of TRUMPF TruTops products expose a service function without necessary...
Critical
Unreviewed
CVE-2022-1300
was published
May 3, 2022
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x...
Critical
Unreviewed
CVE-2022-1388
was published
May 6, 2022
Summer Baby Zoom Wifi Monitor & Internet Viewing System allows remote attackers to bypass...
Critical
Unreviewed
CVE-2015-2888
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API