GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,204
Composer 4,097
Erlang 29
GitHub Actions 19
Go 1,925
Maven 5,117
npm 3,657
NuGet 638
pip 3,264
Pub 10
RubyGems 873
Rust 823
Swift 35

Unreviewed advisories

All unreviewed 229,429

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

292 advisories

Filter by severity

Sort by

Least recently updated

Rdiffweb is missing authentication for critical function Critical

CVE-2022-3327 was published for rdiffweb (pip) Oct 20, 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business... Critical Unreviewed

CVE-2022-21587 was published Oct 19, 2022

An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version... Critical Unreviewed

CVE-2022-40684 was published Oct 18, 2022

In Carlo Gavazzi UWP3.0 in multiple versions and CPY Car Park Server in Version 2.8.3 a missing... Critical Unreviewed

CVE-2022-22526 was published Sep 29, 2022

The Cognex 3D-A1000 Dimensioning System in firmware version 1.0.3 (3354) and prior is vulnerable... Critical Unreviewed

CVE-2022-1368 was published Sep 7, 2022

Honeywell Experion LX through 2022-05-06 has Missing Authentication for a Critical Function.... Critical Unreviewed

CVE-2022-30317 was published Sep 1, 2022

Missing authentication for critical function vulnerability in UNIMO Technology digital video... Critical Unreviewed

CVE-2022-35733 was published Aug 24, 2022

Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at... Critical Unreviewed

CVE-2022-34858 was published Aug 23, 2022

A vulnerability was found in SourceCodester Company Website CMS 1.0. It has been declared as... Critical Unreviewed

CVE-2022-2765 was published Aug 12, 2022

The KUKA SystemSoftware V/KSS in versions prior to 8.6.5 is prone to improper access control as... Critical Unreviewed

CVE-2022-2242 was published Aug 11, 2022

This vulnerability allows remote attackers to execute arbitrary code on affected installations of... Critical Unreviewed

CVE-2022-35865 was published Aug 4, 2022

Bently Nevada condition monitoring equipment through 2022-04-29 mishandles authentication. It... Critical Unreviewed

CVE-2022-29952 was published Jul 27, 2022

JTEKT TOYOPUC PLCs through 2022-04-29 mishandle authentication. They utilize the CMPLink/TCP... Critical Unreviewed

CVE-2022-29951 was published Jul 27, 2022

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker... Critical Unreviewed

CVE-2022-20858 was published Jul 22, 2022

Multiple vulnerabilities in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker... Critical Unreviewed

CVE-2022-20857 was published Jul 22, 2022

SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication. Critical Unreviewed

CVE-2022-2141 was published Jul 21, 2022

A vulnerability has been identified in SIMATIC eaSie Core Package (All versions < V22.00). The... Critical Unreviewed

CVE-2021-44222 was published Jul 13, 2022

There is no account authentication and permission check logic in the firmware and existing apps... Critical Unreviewed

CVE-2021-26637 was published Jun 24, 2022

A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6),... Critical Unreviewed

CVE-2022-30230 was published Jun 15, 2022

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.1). There... Critical Unreviewed

CVE-2022-32251 was published Jun 15, 2022

A file write vulnerability exists in the OAS Engine SecureTransferFiles functionality of Open... Critical Unreviewed

CVE-2022-26082 was published May 26, 2022

An improper authentication vulnerability exists in the REST API functionality of Open Automation... Critical Unreviewed

CVE-2022-26833 was published May 26, 2022

The affected product’s configuration is vulnerable due to missing authentication, which may allow... Critical Unreviewed

CVE-2021-32930 was published May 24, 2022

The manage users profile services of the network camera device allows an authenticated. Remote... Critical Unreviewed

CVE-2021-30167 was published May 24, 2022

The server permits communication without any authentication procedure, allowing the attacker to... Critical Unreviewed

CVE-2021-38457 was published May 24, 2022

Previous 1 2 3 4 5 6 7 … 11 12 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

292 advisories