Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,939
Maven
5,000+
npm
3,677
NuGet
643
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+

151 advisories

Loading
Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may... Critical Unreviewed
CVE-2022-30601 was published Aug 19, 2022
In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible... Critical Unreviewed
CVE-2022-30285 was published Aug 3, 2022
rpc.py vulnerable to Deserialization of Untrusted Data Critical
CVE-2022-35411 was published for rpc.py (pip) Jul 9, 2022
Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS... Critical Unreviewed
CVE-2021-41506 was published Jul 1, 2022
Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker... Critical Unreviewed
CVE-2022-31887 was published Jun 29, 2022
An attacker with weak credentials could access the TCP port via an open FTP port, allowing an... Critical Unreviewed
CVE-2022-2103 was published Jun 25, 2022
The Orca HCM digital learning platform uses a weak factory default administrator password, which... Critical Unreviewed
CVE-2021-35965 was published May 24, 2022
In SapphireIMS 5.0, it is possible to take over an account by sending a request to the... Critical Unreviewed
CVE-2020-25566 was published May 24, 2022
The manage users profile services of the network camera device allows an authenticated. Remote... Critical Unreviewed
CVE-2021-30167 was published May 24, 2022
The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain... Critical Unreviewed
CVE-2021-28171 was published May 24, 2022
ECOA BAS controller’s special page displays user account and passwords in plain text, thus... Critical Unreviewed
CVE-2021-41300 was published May 24, 2022
Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an... Critical Unreviewed
CVE-2021-21505 was published May 24, 2022
The sensitive information of webcam device is not properly protected. Remote attackers can... Critical Unreviewed
CVE-2021-30168 was published May 24, 2022
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the... Critical Unreviewed
CVE-2019-1384 was published May 24, 2022
Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials. Critical Unreviewed
CVE-2021-40520 was published May 24, 2022
Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU... Critical Unreviewed
CVE-2021-20597 was published May 24, 2022
Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021. Critical Unreviewed
CVE-2021-30116 was published May 24, 2022
Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and... Critical Unreviewed
CVE-2021-22737 was published May 24, 2022
An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the... Critical Unreviewed
CVE-2020-12061 was published May 24, 2022
Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01... Critical Unreviewed
CVE-2021-27734 was published May 24, 2022
AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows... Critical Unreviewed
CVE-2020-21994 was published May 24, 2022
Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly... Critical Unreviewed
CVE-2021-27372 was published May 24, 2022
Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions... Critical Unreviewed
CVE-2021-22681 was published May 24, 2022
An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in ... Critical Unreviewed
CVE-2020-13859 was published May 24, 2022
HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with... Critical Unreviewed
CVE-2020-25848 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database