GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories (all reviewed: 5,000+), by ecosystem: Composer 4,134; Erlang 29; GitHub Actions 19; Go 1,941; Maven 5,000+; npm 3,681; NuGet 650; pip 3,298; Pub 11; RubyGems 877; Rust 830; Swift 35.
Unreviewed advisories (all unreviewed): 5,000+.
1,184 advisories
Validation bypass is possible in Json Pattern Validator (Moderate): CVE-2019-19507 was published for jpv (npm) on Dec 4, 2019.
Authentication bypass via incorrect XML canonicalization and DOM traversal in saml2-js (Moderate): CVE-2017-11429 was published for saml2-js (npm) on Jul 5, 2019.
Moderate severity vulnerability that affects Products.PlonePAS (Moderate): CVE-2009-0662 was published for Products.PlonePAS (pip) on Jul 23, 2018.
Authentication Bypass in saml2-js (Moderate): GHSA-mfcp-34xw-p57x was published for saml2-js (npm) on Sep 3, 2020.
Lack of URL normalization may lead to authorization bypass when URL access rules are used (Moderate): CVE-2020-24660 was published for lemonldap-ng-handler (npm) on Sep 9, 2020.
Validation Bypass in paypal-ipn (Moderate): CVE-2014-10067 was published for paypal-ipn (npm) on Aug 31, 2020.
"catalog's registry v2 api exposed on unauthenticated path in Harbor" (Moderate): CVE-2020-29662 was published for github.com/goharbor/harbor (Go) on Feb 12, 2022.
IBM QRadar SIEM 7.3 and 7.4 could allow an attacker to obtain sensitive information due to the... (Moderate, unreviewed): CVE-2021-29779 was published on Dec 2, 2021.
Sudden swap of user auth tokens in Volto (Moderate): CVE-2022-24740 was published for @plone/volto (npm) on Mar 14, 2022.
Red Hat Network (RHN) Satellite Server 5.4 does not use a time delay after a failed login attempt... (Moderate, unreviewed): CVE-2011-0718 was published on May 17, 2022.
VMware vFabric tc Server (aka SpringSource tc Server) 2.0.x before 2.0.6.RELEASE and 2.1.x before... (Moderate, unreviewed): CVE-2011-0527 was published on May 17, 2022.
nslcd/pam.c in the nss-pam-ldapd 0.8.0 PAM module returns a success code when a user is not found... (Moderate, unreviewed): CVE-2011-0438 was published on May 17, 2022.
Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin... (Moderate, unreviewed): CVE-2011-0435 was published on May 17, 2022.
The Mobile User Security (MUS) service on Cisco Adaptive Security Appliances (ASA) 5500 series... (Moderate, unreviewed): CVE-2010-4690 was published on May 17, 2022.
parse-server new anonymous user session acts as if it's created with password (Moderate): CVE-2021-39138 was published for parse-server (npm) on Aug 23, 2021.
Utils.readChallengeTx does not verify the server account signature (Moderate): CVE-2021-32738 was published for stellar-sdk (npm) on Jul 2, 2021.
Incorrect Access Control in ImpressCMS (Moderate): CVE-2021-26598 was published for impresscms/impresscms (Composer) on Mar 29, 2022.
An issue has been discovered in GitLab CE/EE affecting versions 13.0 to 14.6.5, 14.7 to 14.7.4,... (Moderate, unreviewed): CVE-2021-4191 was published on Mar 29, 2022.
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for... (Moderate, unreviewed): CVE-2021-44848 was published on Dec 14, 2021.
Sysaid API User Enumeration - Attacker sending requests to specific api path without any... (Moderate, unreviewed): CVE-2021-36721 was published on Dec 15, 2021.
Lack of an access control check in the External Status Check feature allowed any authenticated... (Moderate, unreviewed): CVE-2021-39916 was published on Dec 14, 2021.
Vivoh Webinar Manager before 3.6.3.0 has improper API authentication. When a user logs in to the... (Moderate, unreviewed): CVE-2021-45900 was published on Apr 1, 2022.
Wyse Device Agent version 14.6.1.4 and below contain an Improper Authentication vulnerability. A... (Moderate, unreviewed): CVE-2022-23156 was published on Apr 2, 2022.
Improper authorization in GitLab Pages included with GitLab CE/EE affecting all versions from 11... (Moderate, unreviewed): CVE-2022-1148 was published on Apr 5, 2022.
Trendnet AC2600 TEW-827DRU version 2.08B01 improperly discloses information via redirection from... (Moderate, unreviewed): CVE-2021-20150 was published on Dec 31, 2021.