GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
83 advisories
Filter by severity
Puppet supports use of IP addresses in certnames without warning of potential risks
Low
CVE-2012-3408
was published
for
puppet
(RubyGems)
Oct 24, 2017
A user without PR can reset user authentication failures information
Low
CVE-2021-32729
was published
for
org.xwiki.platform:xwiki-platform-security-authentication-script
(Maven)
Jul 2, 2021
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to...
Low
Unreviewed
CVE-2022-25817
was published
Mar 11, 2022
** DISPUTED ** An issue was discovered in OpenSSH before 8.9. If a client is using public-key...
Low
Unreviewed
CVE-2021-36368
was published
Mar 14, 2022
An authentication issue was addressed with improved state management. This issue is fixed in...
Low
Unreviewed
CVE-2022-22656
was published
Mar 19, 2022
A vulnerability classified as problematic has been found in Mirmay Secure Private Browser and...
Low
Unreviewed
CVE-2018-25030
was published
Mar 29, 2022
SaltStack Salt Improper Authentication via Man in the Middle Attack
Low
CVE-2022-22935
was published
for
salt
(pip)
Mar 30, 2022
Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get...
Low
Unreviewed
CVE-2022-25833
was published
Apr 12, 2022
The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2.1.2, and 6.x before 6.1...
Low
Unreviewed
CVE-2003-1570
was published
Apr 29, 2022
An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to...
Low
Unreviewed
CVE-2002-0507
was published
Apr 30, 2022
The proxy server in Kerio WinRoute Firewall before 6.4.1 does not properly enforce authentication...
Low
Unreviewed
CVE-2007-6385
was published
May 1, 2022
The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC...
Low
Unreviewed
CVE-2009-4409
was published
May 2, 2022
System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured...
Low
Unreviewed
CVE-2010-0014
was published
May 2, 2022
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly...
Low
Unreviewed
CVE-2009-0591
was published
May 3, 2022
The Common Code Infrastructure component in IBM DB2 8 before FP17, 9.1 before FP7, and 9.5 before...
Low
Unreviewed
CVE-2009-1905
was published
May 3, 2022
Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to...
Low
Unreviewed
CVE-2022-28790
was published
May 4, 2022
IBM WebSphere Application Server (WAS) Liberty Profile 8.5 before 8.5.0.2, when SSL is not...
Low
Unreviewed
CVE-2013-0540
was published
May 5, 2022
In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices...
Low
Unreviewed
CVE-2018-8862
was published
May 13, 2022
** DISPUTED ** An issue was discovered in the com.dropbox.android application 98.2.2 for Android....
Low
Unreviewed
CVE-2018-12446
was published
May 14, 2022
** DISPUTED ** An issue was discovered in the com.dropbox.android application 98.2.2 for Android....
Low
Unreviewed
CVE-2018-12445
was published
May 14, 2022
IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.0.0 through 7.2.0.10, 7.2.1.0...
Low
Unreviewed
CVE-2014-6148
was published
May 17, 2022
The Risk Based Access functionality in IBM Tivoli Federated Identity Manager (TFIM) 6.2.2 before...
Low
Unreviewed
CVE-2013-5429
was published
May 17, 2022
The NTT DOCOMO overseas usage application 2.0.0 through 2.0.4 for Android does not properly...
Low
Unreviewed
CVE-2013-3659
was published
May 17, 2022
The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before...
Low
Unreviewed
CVE-2013-0578
was published
May 17, 2022
The Restrictions (aka Parental Controls) implementation in Apple iOS before 6 does not properly...
Low
Unreviewed
CVE-2012-3741
was published
May 17, 2022
ProTip!
Advisories are also available from the
GraphQL API