GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
86 advisories
Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions...
Low | Unreviewed | CVE-2021-25342 was published May 24, 2022

Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1)...
Low | Unreviewed | CVE-2021-25343 was published May 24, 2022

Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is...
Low | Unreviewed | CVE-2021-28626 was published May 24, 2022

Description: A person with physical access may be able to access contacts. This issue is fixed in...
Low | Unreviewed | CVE-2021-1862 was published May 24, 2022

An issue existed with authenticating the action triggered by an NFC tag. The issue was addressed...
Low | Unreviewed | CVE-2021-1863 was published May 24, 2022

Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring...
Low | Unreviewed | CVE-2021-25484 was published May 24, 2022

IBM Spectrum Copy Data Management Admin 2.2.0.0 through 2.2.15.0 could allow a local attacker to...
Low | Unreviewed | CVE-2022-22426 was published Jun 11, 2022

Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows...
Low | Unreviewed | CVE-2022-33689 was published Jul 13, 2022

Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical...
Low | Unreviewed | CVE-2022-33720 was published Aug 6, 2022

parse-server auth adapter app ID validation can be circumvented
Low | CVE-2022-39231 was published for parse-server (npm) Sep 21, 2022

Some Dahua software products have a vulnerability of unauthenticated traceroute host from remote...
Low | Unreviewed | CVE-2022-45433 was published Dec 27, 2022

Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD...
Low | Unreviewed | CVE-2022-45430 was published Dec 27, 2022

There is an improper authentication vulnerability in Pandora FMS v764. The application verifies...
Low | Unreviewed | CVE-2022-43978 was published Jan 28, 2023

A logic issue was addressed with improved state management. This issue is fixed in macOS Ventura...
Low | Unreviewed | CVE-2023-23493 was published Feb 27, 2023

Denial of service due to unauthenticated API endpoint. The following products are affected:...
Low | Unreviewed | CVE-2022-45456 was published Apr 26, 2023

Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1...
Low | Unreviewed | CVE-2023-21487 was published May 4, 2023

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest...
Low | Unreviewed | CVE-2023-20867 was published Jun 13, 2023

PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023...
Low | Unreviewed | CVE-2023-30700 was published Aug 10, 2023

Dell BIOS contains an improper authentication vulnerability. A malicious user with physical...
Low | Unreviewed | CVE-2023-32453 was published Aug 16, 2023

Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to...
Low | Unreviewed | CVE-2023-30711 was published Sep 6, 2023

Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows...
Low | Unreviewed | CVE-2023-30724 was published Sep 6, 2023

Jetty's OpenId Revoked authentication allows one request
Low | CVE-2023-41900 was published for org.eclipse.jetty:jetty-openid (Maven) Sep 15, 2023

The Operating System hosting the FACSChorus application is configured to allow transmission of...
Low | Unreviewed | CVE-2023-29062 was published Nov 28, 2023

Keycloak vulnerable to impersonation via logout token exchange
Low | CVE-2023-0657 was published for org.keycloak:keycloak-services (Maven) Apr 17, 2024

This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and...
Low | Unreviewed | CVE-2024-27835 was published May 14, 2024