Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,988
Erlang
29
GitHub Actions
16
Go
1,776
Maven
5,000+
npm
3,542
NuGet
617
pip
3,125
Pub
10
RubyGems
838
Rust
790
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,441 advisories

Loading
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated... Moderate Unreviewed
CVE-2021-43950 was published Feb 16, 2022
A vulnerability within the authentication process of Abacus ERP allows a remote attacker to... High Unreviewed
CVE-2022-1065 was published Apr 20, 2022
Argo CD will blindly trust JWT claims if anonymous access is enabled Critical
CVE-2022-29165 was published for github.com/argoproj/argo-cd (Go) May 24, 2022
VMware Workspace ONE Access has two authentication bypass vulnerabilities (CVE-2022-22955 & CVE... Critical Unreviewed
CVE-2022-22955 was published Apr 14, 2022
The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1... Moderate Unreviewed
CVE-2010-2940 was published May 17, 2022
Zoho ManageEngine Desktop Central before 10.1.2137.9 and Desktop Central MSP before 10.1.2137.9... Critical Unreviewed
CVE-2021-44757 was published Jan 19, 2022
TOTOLINK X5000R v9.1.0u.6118_B20201102 was discovered to use the HTTP protocol for authentication... High Unreviewed
CVE-2021-45735 was published Feb 5, 2022
Real-time image information exposure is caused by insufficient authentication for activated RTSP... High Unreviewed
CVE-2021-26627 was published Apr 20, 2022
Improper authentication vulnerability in the communication protocol provided by AD (Automation... Critical Unreviewed
CVE-2022-26034 was published Apr 16, 2022
stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it... Moderate Unreviewed
CVE-2010-2496 was published Apr 21, 2022
Multiple Tenda devices are affected by authentication bypass, such as AC15V1.0 Firmware V15.03.05... Critical Unreviewed
CVE-2021-44971 was published Jan 29, 2022
An authorization bypass exploited by a user-controlled key in SpecificApps REST API in... Moderate Unreviewed
CVE-2021-46249 was published Feb 17, 2022
ECP SAML binding bypasses authentication flows High
CVE-2021-3827 was published for org.keycloak:keycloak-saml-core (Maven) Apr 27, 2022
An exploitable vulnerability exists in the generation of authentication token functionality of... Critical Unreviewed
CVE-2017-2864 was published May 13, 2022
Insufficient security checks exist in the recovery procedure used by the Foscam C1 Indoor HD... High Unreviewed
CVE-2017-2871 was published May 13, 2022
A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete... Moderate Unreviewed
CVE-2020-14121 was published Apr 22, 2022
Improper Authentication in Mortbay Jetty High
CVE-2007-5614 was published for org.mortbay.jetty:jetty (Maven) May 1, 2022
Improper Authentication in Apache Kafka Moderate
CVE-2017-12610 was published for org.apache.kafka:kafka-clients (Maven) May 13, 2022
Improper Authentication in django-mfa3 High
CVE-2022-24857 was published for django-mfa3 (pip) Apr 22, 2022
stefanw
Improper Authentication in Apache Tomcat Moderate
CVE-2013-2067 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Improper Authentication in Spring Security High
CVE-2014-0097 was published for org.springframework.security:spring-security-core (Maven) May 13, 2022
An exploitable authentication bypass vulnerability exists in the API daemon of Circle with Disney... High Unreviewed
CVE-2017-2914 was published May 13, 2022
Limited Authentication Bypass for Media Files Moderate
CVE-2022-29237 was published for org.opencastproject:opencast-ingest-service-impl (Maven) May 25, 2022
lkiesow
A denial of service vulnerability exists in the SeaMax remote configuration functionality of... High Unreviewed
CVE-2021-21965 was published Feb 10, 2022
The Limit Login Attempts plugin before 1.7.1 for WordPress does not clear auth cookies upon a... Critical Unreviewed
CVE-2012-10001 was published Apr 23, 2022
ProTip! Advisories are also available from the GraphQL API