Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,184 advisories

Loading
Incorrect Authentication in shopware Moderate
CVE-2022-24748 was published for shopware/core (Composer) Mar 10, 2022
Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows... Moderate Unreviewed
CVE-2022-25825 was published Mar 11, 2022
Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1... Moderate Unreviewed
CVE-2022-25816 was published Mar 11, 2022
Sudden swap of user auth tokens in Volto Moderate
CVE-2022-24740 was published for @plone/volto (npm) Mar 14, 2022
A lack of password change protection vulnerability in a depreciated API of McAfee Enterprise... Moderate Unreviewed
CVE-2022-0862 was published Mar 24, 2022
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4,... Moderate Unreviewed
CVE-2021-4191 was published Mar 29, 2022
Incorrect Access Control in ImpressCMS Moderate
CVE-2021-26598 was published for impresscms/impresscms (Composer) Mar 29, 2022
Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the... Moderate Unreviewed
CVE-2021-45900 was published Apr 1, 2022
Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A... Moderate Unreviewed
CVE-2022-23156 was published Apr 2, 2022
Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11... Moderate Unreviewed
CVE-2022-1148 was published Apr 5, 2022
Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1... Moderate Unreviewed
CVE-2022-27839 was published Apr 12, 2022
Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical... Moderate Unreviewed
CVE-2022-25832 was published Apr 12, 2022
Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that... Moderate Unreviewed
CVE-2022-26091 was published Apr 12, 2022
Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical... Moderate Unreviewed
CVE-2022-25831 was published Apr 12, 2022
Navigating to a specific URL with a patient ID number will result in the server generating a PDF... Moderate Unreviewed
CVE-2022-1067 was published Apr 12, 2022
** UNSUPPORTED WHEN ASSIGNED ** A post-authentication arbitrary file read vulnerability impacting... Moderate Unreviewed
CVE-2022-22279 was published Apr 14, 2022
stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it... Moderate Unreviewed
CVE-2010-2496 was published Apr 21, 2022
A business logic vulnerability exists in Mi App Store. The vulnerability is caused by incomplete... Moderate Unreviewed
CVE-2020-14121 was published Apr 22, 2022
Keycloak is vulnerable to IDN homograph attack Moderate
CVE-2021-3424 was published for org.keycloak:keycloak-services (Maven) Apr 28, 2022
Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows... Moderate Unreviewed
CVE-2003-1433 was published Apr 29, 2022
login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1)... Moderate Unreviewed
CVE-2003-1434 was published Apr 29, 2022
Netbus 1.5 through 1.7 allows more than one client to be connected at the same time, but only... Moderate Unreviewed
CVE-2003-1475 was published Apr 29, 2022
upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the... Moderate Unreviewed
CVE-2003-1489 was published Apr 29, 2022
Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and... Moderate Unreviewed
CVE-2004-2736 was published Apr 29, 2022
Improper Authentication in moodle Moderate
CVE-2022-0985 was published for moodle/moodle (Composer) Apr 30, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database