GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,268
Erlang
31
GitHub Actions
21
Go
2,042
Maven
5,000+
npm
3,735
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
867
Swift
36
Unreviewed advisories
All unreviewed
5,000+
951 advisories
Filter by severity
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ
Moderate
CVE-2015-7559
was published
for
org.apache.activemq:activemq-client
(Maven)
Aug 1, 2019
Missing Authentication for Critical Function in LibreNMS
Moderate
CVE-2019-10668
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
Keycloak Missing authentication for critical function
Moderate
CVE-2021-20262
was published
for
org.keycloak:keycloak-core
(Maven)
Mar 12, 2021
Authentication bypass for specific endpoint
High
CVE-2021-29442
was published
for
com.alibaba.nacos:nacos-common
(Maven)
Apr 27, 2021
Improper Authentication in Apache Airflow
Moderate
CVE-2021-26697
was published
for
apache-airflow
(pip)
Jun 18, 2021
Automatic room upgrade handling can be used maliciously to bridge a room non-consentually
Moderate
CVE-2021-32659
was published
for
matrix-appservice-bridge
(npm)
Jun 21, 2021
Creation of order credits was not validated by acl in admin orders
Low
GHSA-g7w8-pp9w-7p32
was published
for
shopware/core
(Composer)
Jun 28, 2021
Missing Authentication for Critical Function
Moderate
CVE-2021-32709
was published
for
shopware/platform
(Composer)
Jun 29, 2021
Missing Authentication for Critical Function in Saleor
Moderate
CVE-2020-7964
was published
for
saleor
(pip)
Jul 28, 2021
XStream is vulnerable to a Remote Command Execution attack
High
CVE-2021-39144
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Aug 25, 2021
Missing Authorization in Apache Airflow
Moderate
CVE-2021-35936
was published
for
apache-airflow
(pip)
Aug 30, 2021
Authentication bypass issue in the Operator Console
High
CVE-2021-41266
was published
for
github.com/minio/console
(Go)
Nov 15, 2021
Missing Authentication for Critical Function vulnerability in debug_post_set.cgi of D-Link DWR...
Critical
Unreviewed
CVE-2021-42783
was published
Nov 24, 2021
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download...
High
Unreviewed
CVE-2021-38147
was published
Nov 30, 2021
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require...
High
Unreviewed
CVE-2021-34543
was published
Dec 8, 2021
A Missing Authentication vulnerability in RobotWare for the OmniCore robot controller allows an...
Critical
Unreviewed
CVE-2021-22279
was published
Dec 14, 2021
An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not...
Critical
Unreviewed
CVE-2021-44152
was published
Dec 14, 2021
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise...
Critical
Unreviewed
CVE-2021-36888
was published
Dec 16, 2021
In setPackageStoppedState of PackageManagerService.java, there is a missing permission check....
Moderate
Unreviewed
CVE-2021-1011
was published
Dec 16, 2021
In Apache APISIX Dashboard before 2.10.1, the Manager API uses two frameworks and introduces...
Critical
Unreviewed
CVE-2021-45232
was published
Dec 28, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent...
Moderate
Unreviewed
CVE-2021-20152
was published
Dec 31, 2021
Missing Authentication for Critical Function in Apache NiFi
High
CVE-2020-9487
was published
for
org.apache.nifi:nifi
(Maven)
Jan 6, 2022
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip...
Critical
Unreviewed
CVE-2021-28506
was published
Jan 15, 2022
NUUO NVRmini2 through 3.11 allows an unauthenticated attacker to upload an encrypted TAR archive,...
Critical
Unreviewed
CVE-2022-23227
was published
Jan 15, 2022
ProTip!
Advisories are also available from the
GraphQL API