GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,248
Erlang: 31
GitHub Actions: 21
Go: 2,016
Maven: 5,000+
npm: 3,721
NuGet: 662
pip: 3,400
Pub: 11
RubyGems: 890
Rust: 852
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
47 advisories
An issue discovered in Pfsense CE version 2.6.0 allows attackers to compromise user accounts via...
Critical | Unreviewed | CVE-2023-29974 was published Nov 8, 2023
An issue was discovered on Connectize AC21000 G6 641.139.1.1256 allows attackers to gain...
Critical | Unreviewed | CVE-2023-24049 was published Dec 5, 2023
I-doit pro 25 and below and I-doit open 25 and below employ weak password requirements for...
Critical | Unreviewed | CVE-2023-37756 was published Sep 14, 2023
HCL Compass is vulnerable to insecure password requirements. An attacker could easily guess the...
Critical | Unreviewed | CVE-2023-37503 was published Oct 19, 2023
There are no requirements for setting a complex password for PiiGAB M-Bus, which...
Critical | Unreviewed | CVE-2023-34995 was published Jul 7, 2023
RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability....
Critical | Unreviewed | CVE-2019-3758 was published May 24, 2022
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V2.0 SP1)....
Critical | Unreviewed | CVE-2019-13918 was published May 24, 2022
Western Digital My Cloud, My Cloud Mirror Gen2, My Cloud EX2 Ultra, My Cloud EX2100, My Cloud...
Critical | Unreviewed | CVE-2019-9950 was published May 24, 2022
** DISPUTED ** An issue was discovered in SMA Solar Technology products. All inverters have a...
Critical | Unreviewed | CVE-2017-9853 was published May 13, 2022
In Gradle Enterprise before 2023.1, a remote attacker may be able to gain access to a new...
Critical | Unreviewed | CVE-2023-49238 was published Jan 9, 2024
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been...
Critical | Unreviewed | CVE-2023-0641 was published Feb 2, 2023
A CWE-521: Weak Password Requirements vulnerability exists that could allow an attacker to gain...
Critical | Unreviewed | CVE-2022-32513 was published Jan 31, 2023
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The password for the...
Critical | Unreviewed | CVE-2021-43036 was published Dec 7, 2021
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 does not require that users should have...
Critical | Unreviewed | CVE-2022-35280 was published Aug 11, 2022
An issue was discovered on Foscam C2 devices with System Firmware 1.11.1.8 and Application...
Critical | Unreviewed | CVE-2018-19064 was published May 13, 2022
Baseon Lantronix MSS devices do not require a password for TELNET access.
Critical | Unreviewed | CVE-2018-12925 was published May 13, 2022
IBM Security Guardium Big Data Intelligence (SonarG) 3.1 does not require that users should have...
Critical | Unreviewed | CVE-2018-1372 was published May 13, 2022
IBM Security Guardium 10.0, 10.0.1, and 10.1 through 10.1.4 Database Activity Monitor does not...
Critical | Unreviewed | CVE-2017-1601 was published May 13, 2022
An improper access control vulnerability in Fortinet FortiWebManager 5.8.0 allows anyone that can...
Critical | Unreviewed | CVE-2017-14189 was published May 13, 2022
The Epson "EasyMP" software is designed to remotely stream a user's computer to supporting...
Critical | Unreviewed | CVE-2017-12861 was published May 13, 2022
IBM Tivoli Endpoint Manager (IBM BigFix 9.2 and 9.5) does not require that users should have...
Critical | Unreviewed | CVE-2017-1221 was published May 13, 2022
IBM BigFix Compliance (TEMA SUAv1 SCA SCM) 1.9.70 does not require that users should have strong...
Critical | Unreviewed | CVE-2017-1196 was published May 13, 2022
A Credentials Management issue was discovered in Moxa NPort W2150A versions prior to 1.11, and...
Critical | Unreviewed | CVE-2017-16727 was published May 13, 2022
Inoda OnTrack v3.4 employs a weak password policy which allows attackers to potentially gain...
Critical | Unreviewed | CVE-2022-37164 was published Sep 9, 2022
Open Dental before version 18.4 installs a mysql database and uses the default credentials of ...
Critical | Unreviewed | CVE-2018-15719 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API.