GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
314 advisories
eQ-3 AG HomeMatic CCU2 2.29.22 devices have an open XML-RPC port without authentication. This can...
Critical, Unreviewed. CVE-2018-7301 was published May 14, 2022

A design flaw issue was found in the Red Hat OpenStack Platform director use of TripleO to enable...
Critical, Unreviewed. CVE-2017-2637 was published May 13, 2022

A potential security vulnerability has been identified in HPE Application Performance Management ...
Critical, Unreviewed. CVE-2017-14350 was published May 17, 2022

In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces...
Critical, Unreviewed. CVE-2021-45232 was published Dec 28, 2021

NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive,...
Critical, Unreviewed. CVE-2022-23227 was published Jan 15, 2022

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause...
Critical, Unreviewed. CVE-2021-22805 was published Feb 12, 2022

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could cause...
Critical, Unreviewed. CVE-2021-22823 was published Feb 12, 2022

Emerson OpenEnterprise versions through 3.3.4 may allow an attacker to run an arbitrary commands...
Critical, Unreviewed. CVE-2020-10640 was published Feb 25, 2022

Power Line Communications PLC4TRUCKS J2497 trailer brake controllers implement diagnostic...
Critical, Unreviewed. CVE-2022-25922 was published Mar 11, 2022

The ClearPass Policy Manager web interface is affected by a vulnerability that leads to...
Critical, Unreviewed. CVE-2020-7115 was published May 24, 2022

A recently discovered security vulnerability affects all Bosch Video Management System (BVMS)...
Critical, Unreviewed. CVE-2019-6958 was published May 24, 2022

It was found that default configuration of Heketi does not require any authentication potentially...
Critical, Unreviewed. CVE-2019-3899 was published May 24, 2022

A CWE-306: Missing Authentication for Critical Function The software does not perform any...
Critical, Unreviewed. CVE-2022-42970 was published Feb 1, 2023

The configuration backend allows an unauthenticated user to write arbitrary data with root...
Critical, Unreviewed. CVE-2022-45140 was published Feb 27, 2023

The configuration backend of the web-based management can be used by unauthenticated users,...
Critical, Unreviewed. CVE-2022-45138 was published Feb 27, 2023

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication to create...
Critical, Unreviewed. CVE-2023-22804 was published Feb 15, 2023

LS ELECTRIC XBC-DN32U with operating system version 01.80 is missing authentication for its...
Critical, Unreviewed. CVE-2023-0102 was published Feb 15, 2023

A vulnerability classified as critical was found in SourceCodester Online Pizza Ordering System 1...
Critical, Unreviewed. CVE-2023-0906 was published Feb 18, 2023

Missing Authentication for Critical Function in SICK FX0-GENT v3 Firmware Version V3.04 and V3.05...
Critical, Unreviewed. CVE-2023-23453 was published Feb 21, 2023

Missing Authentication for Critical Function in SICK FX0-GPNT v3 Firmware Version V3.04 and V3.05...
Critical, Unreviewed. CVE-2023-23452 was published Feb 21, 2023

A vulnerability in the Virtual Network Computing (VNC) console implementation of Cisco Enterprise...
Critical, Unreviewed. CVE-2019-1895 was published May 24, 2022

An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows...
Critical, Unreviewed. CVE-2022-45551 was published Mar 3, 2023

The Akuvox E11 web server can be accessed without any user authentication, and this could allow...
Critical, Unreviewed. CVE-2023-0354 was published Mar 13, 2023

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version...
Critical, Unreviewed. CVE-2022-40684 was published Oct 18, 2022

Apache OpenMeetings missing authentication and can allow user impersonation
Critical. CVE-2023-28326 was published for org.apache.openmeetings:openmeetings-parent (Maven) Mar 28, 2023