GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,520 advisories
Zoho ManageEngine ServiceDesk Plus before 12003 allows authentication bypass in certain admin...
Critical
Unreviewed
CVE-2021-44526
was published
Dec 24, 2021
An authentication bypass vulnerability exists in the CMA run_server_6877 functionality of Garrett...
High
Unreviewed
CVE-2021-21902
was published
Dec 23, 2021
An authentication bypass vulnerability exists in the CMD_DEVICE_GET_RSA_KEY_REQUEST functionality...
Critical
Unreviewed
CVE-2021-21952
was published
Dec 23, 2021
An authentication bypass vulnerability exists in the process_msg() function of the home_security...
High
Unreviewed
CVE-2021-21953
was published
Dec 23, 2021
Dell PowerScale OneFS, versions 8.2.2-9.3.0.x, contain an authentication bypass by primary...
High
Unreviewed
CVE-2021-36350
was published
Dec 22, 2021
Mesa Labs AmegaView Versions 3.0 and prior’s passcode is generated by an easily reversible...
Critical
Unreviewed
CVE-2021-27451
was published
Dec 22, 2021
Zoho ManageEngine ServiceDesk Plus MSP before 10.5 Build 10534 is vulnerable to unauthenticated...
Critical
Unreviewed
CVE-2021-44675
was published
Dec 21, 2021
VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass...
Critical
Unreviewed
CVE-2021-22057
was published
Dec 21, 2021
Authelia vulnerable to an authentication bypass with malformed request URI on nginx
Critical
CVE-2021-32637
was published
for
github.com/authelia/authelia/v4
(Go)
Dec 20, 2021
TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in ...
High
Unreviewed
CVE-2021-40851
was published
Dec 18, 2021
Clementine Music Player through 1.3.1 is vulnerable to a User Mode Write Access Violation,...
High
Unreviewed
CVE-2021-40826
was published
Dec 16, 2021
In stopVpnProfile of Vpn.java, there is a possible VPN profile reset due to a permissions bypass....
High
Unreviewed
CVE-2021-0649
was published
Dec 16, 2021
The impacted products, when configured to use SSO, are affected by an improper authentication...
Critical
Unreviewed
CVE-2021-43935
was published
Dec 16, 2021
A vulnerability has been identified in SiPass integrated V2.76 (All versions), SiPass integrated...
Critical
Unreviewed
CVE-2021-44524
was published
Dec 15, 2021
Sysaid API User Enumeration - Attacker sending requests to specific api path without any...
Moderate
Unreviewed
CVE-2021-36721
was published
Dec 15, 2021
glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php.
Critical
Unreviewed
CVE-2021-44949
was published
Dec 15, 2021
The RegistrationMagic WordPress plugin made it possible for unauthenticated users to log in as...
Critical
Unreviewed
CVE-2021-4073
was published
Dec 15, 2021
In Cibele Thinfinity VirtualUI before 3.0, /changePassword returns different responses for...
Moderate
Unreviewed
CVE-2021-44848
was published
Dec 14, 2021
Auerswald COMfortel 1400 IP and 2600 IP before 2.8G devices allow Authentication Bypass via the ...
High
Unreviewed
CVE-2021-40856
was published
Dec 14, 2021
An issue was discovered in Reprise RLM 14.2. Because /goform/change_password_process does not...
Critical
Unreviewed
CVE-2021-44152
was published
Dec 14, 2021
Lack of an access control check in the External Status Check feature allowed any authenticated...
Moderate
Unreviewed
CVE-2021-39916
was published
Dec 14, 2021
Zoho ManageEngine Desktop Central is vulnerable to authentication bypass, leading to remote code...
Critical
Unreviewed
CVE-2021-44515
was published
Dec 13, 2021
Improper Authentication in HashiCorp Nomad
High
CVE-2021-43415
was published
for
github.com/hashicorp/nomad
(Go)
Dec 10, 2021
An improper authentication in Fortinet FortiAuthenticator version 6.4.0 allows user to bypass the...
High
Unreviewed
CVE-2021-43068
was published
Dec 10, 2021
Gryphon Tower routers contain an unprotected openvpn configuration file which can grant attackers...
High
Unreviewed
CVE-2021-20145
was published
Dec 10, 2021