GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
151 advisories
Insufficiently protected credentials for Intel(R) AMT and Intel(R) Standard Manageability may...
Critical | Unreviewed | CVE-2022-30601 was published Aug 19, 2022

In Quest KACE Systems Management Appliance (SMA) through 12.0, a hash collision is possible...
Critical | Unreviewed | CVE-2022-30285 was published Aug 3, 2022

rpc.py vulnerable to Deserialization of Untrusted Data
Critical | CVE-2022-35411 was published for rpc.py (pip) Jul 9, 2022

Xiaongmai AHB7008T-MH-V2, AHB7804R-ELS, AHB7804R-MH-V2, AHB7808R-MS-V2, AHB7808R-MS, AHB7808T-MS...
Critical | Unreviewed | CVE-2021-41506 was published Jul 1, 2022

Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker...
Critical | Unreviewed | CVE-2022-31887 was published Jun 29, 2022

An attacker with weak credentials could access the TCP port via an open FTP port, allowing an...
Critical | Unreviewed | CVE-2022-2103 was published Jun 25, 2022

The Orca HCM digital learning platform uses a weak factory default administrator password, which...
Critical | Unreviewed | CVE-2021-35965 was published May 24, 2022

In SapphireIMS 5.0, it is possible to take over an account by sending a request to the...
Critical | Unreviewed | CVE-2020-25566 was published May 24, 2022

The manage users profile services of the network camera device allows an authenticated. Remote...
Critical | Unreviewed | CVE-2021-30167 was published May 24, 2022

The Vangene deltaFlow E-platform does not take properly protective measures. Attackers can obtain...
Critical | Unreviewed | CVE-2021-28171 was published May 24, 2022

ECOA BAS controller’s special page displays user account and passwords in plain text, thus...
Critical | Unreviewed | CVE-2021-41300 was published May 24, 2022

Dell EMC Integrated System for Microsoft Azure Stack Hub, versions 1906 – 2011, contain an...
Critical | Unreviewed | CVE-2021-21505 was published May 24, 2022

The sensitive information of webcam device is not properly protected. Remote attackers can...
Critical | Unreviewed | CVE-2021-30168 was published May 24, 2022

A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the...
Critical | Unreviewed | CVE-2019-1384 was published May 24, 2022

Airangel HSMX Gateway devices through 5.2.04 have Weak SSH Credentials.
Critical | Unreviewed | CVE-2021-40520 was published May 24, 2022

Insufficiently Protected Credentials vulnerability in Mitsubishi Electric MELSEC iQ-R series CPU...
Critical | Unreviewed | CVE-2021-20597 was published May 24, 2022

Kaseya VSA before 9.5.7 allows credential disclosure, as exploited in the wild in July 2021.
Critical | Unreviewed | CVE-2021-30116 was published May 24, 2022

Insufficiently Protected Credentials vulnerability exists in homeLYnk (Wiser For KNX) and...
Critical | Unreviewed | CVE-2021-22737 was published May 24, 2022

An issue was discovered in Nitrokey FIDO U2F firmware through 1.1. Communication between the...
Critical | Unreviewed | CVE-2020-12061 was published May 24, 2022

Hirschmann HiOS 07.1.01, 07.1.02, and 08.1.00 through 08.5.xx and HiSecOS 03.3.00 through 03.5.01...
Critical | Unreviewed | CVE-2021-27734 was published May 24, 2022

AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows...
Critical | Unreviewed | CVE-2020-21994 was published May 24, 2022

Realtek xPON RTL9601D SDK 1.9 stores passwords in plaintext which may allow attackers to possibly...
Critical | Unreviewed | CVE-2021-27372 was published May 24, 2022

Rockwell Automation Studio 5000 Logix Designer Versions 21 and later, and RSLogix 5000 Versions...
Critical | Unreviewed | CVE-2021-22681 was published May 24, 2022

An issue was discovered on Mofi Network MOFI4500-4GXeLTE 4.0.8-std devices. A format error in ...
Critical | Unreviewed | CVE-2020-13859 was published May 24, 2022

HGiga MailSherlock contains weak authentication flaw that attackers grant privilege remotely with...
Critical | Unreviewed | CVE-2020-25848 was published May 24, 2022