GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories: All reviewed 5,000+; Composer 4,279; Erlang 31; GitHub Actions 21; Go 2,056; Maven 5,000+; npm 3,740; NuGet 668; pip 3,421; Pub 12; RubyGems 891; Rust 873; Swift 36
Unreviewed advisories: All unreviewed 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
885 advisories
Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR... (Critical, Unreviewed): CVE-2021-42783 was published Nov 24, 2021
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download... (High, Unreviewed): CVE-2021-38147 was published Nov 30, 2021
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require... (High, Unreviewed): CVE-2021-34543 was published Dec 8, 2021
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an... (Critical, Unreviewed): CVE-2021-22279 was published Dec 14, 2021
An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not... (Critical, Unreviewed): CVE-2021-44152 was published Dec 14, 2021
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise... (Critical, Unreviewed): CVE-2021-36888 was published Dec 16, 2021
In setPackageStoppedState of PackageManagerService.java, there is a missing permission check.... (Moderate, Unreviewed): CVE-2021-1011 was published Dec 16, 2021
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces... (Critical, Unreviewed): CVE-2021-45232 was published Dec 28, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent... (Moderate, Unreviewed): CVE-2021-20152 was published Dec 31, 2021
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip... (Critical, Unreviewed): CVE-2021-28506 was published Jan 15, 2022
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive,... (Critical, Unreviewed): CVE-2022-23227 was published Jan 15, 2022
The Bosch software tools AccessIPConfig.exe and AmcIpConfig.exe are used to configure certains... (High, Unreviewed): CVE-2021-23843 was published Jan 20, 2022
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component:... (Critical, Unreviewed): CVE-2021-35587 was published Jan 20, 2022
Fresenius Kabi Agilia Link + version 3.0 has a default configuration page accessible without... (Moderate, Unreviewed): CVE-2021-33843 was published Jan 22, 2022
USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute... (High, Unreviewed): CVE-2022-23220 was published Jan 22, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on... (Moderate, Unreviewed): CVE-2021-34870 was published Jan 26, 2022
A specially crafted script could cause the DeltaV Distributed Control System Controllers (All... (Moderate, Unreviewed): CVE-2021-26264 was published Jan 29, 2022
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a... (Moderate, Unreviewed): CVE-2022-21816 was published Feb 8, 2022
A denial of service vulnerability exists in the Modbus configuration functionality of Sealevel... (High, Unreviewed): CVE-2021-21964 was published Feb 10, 2022
In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have... (Moderate, Unreviewed): CVE-2022-24111 was published Feb 11, 2022
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow... (Moderate, Unreviewed): CVE-2022-22809 was published Feb 11, 2022
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause... (Critical, Unreviewed): CVE-2021-22823 was published Feb 12, 2022
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause... (Critical, Unreviewed): CVE-2021-22805 was published Feb 12, 2022
The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, may arbitrarily... (Moderate, Unreviewed): CVE-2022-0188 was published Feb 15, 2022
Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands... (Critical, Unreviewed): CVE-2020-10640 was published Feb 25, 2022
ProTip! Advisories are also available from the GraphQL API