GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
146 advisories
IBM PureApplication System 2.2.3.0 through 2.2.5.3 does not require that users should have strong...
High, Unreviewed. CVE-2019-4235 was published May 24, 2022.

A local attacker could bypass the app password using a race condition in Sophos Secure Workspace...
High, Unreviewed. CVE-2021-36808 was published May 24, 2022.

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 does not enforce an efficient...
Critical, Unreviewed. CVE-2021-38462 was published May 24, 2022.

The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX, TIBCO EBX, TIBCO EBX, and...
Critical, Unreviewed. CVE-2021-35498 was published May 24, 2022.

ECOA BAS controller uses weak set of default administrative credentials that can be easily...
Critical, Unreviewed. CVE-2021-41296 was published May 24, 2022.

BAB TECHNOLOGIE GmbH eibPort V3 prior version 3.9.1 allow the user to set a weak password because...
Moderate, Unreviewed. CVE-2021-28914 was published May 24, 2022.

IBM Security Guardium 11.2 does not require that users should have strong passwords by default,...
Critical, Unreviewed. CVE-2021-20418 was published May 24, 2022.

A vulnerability in the change password API of Cisco Connected Mobile Experiences (CMX) could...
Moderate, Unreviewed. CVE-2021-1522 was published May 24, 2022.

An access control vulnerability in Hame SD1 Wi-Fi firmware <=V.20140224154640 allows an attacker...
Critical, Unreviewed. CVE-2021-26797 was published May 24, 2022.

A weak password requirement vulnerability exists in the Create New User function of MintHCM...
Critical, Unreviewed. CVE-2021-25839 was published May 24, 2022.

An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Authentication to the...
High, Unreviewed. CVE-2020-11925 was published May 24, 2022.

Nextcloud Server prior to 20.0.0 stores passwords in a recoverable format even when external...
Moderate, Unreviewed. CVE-2020-8296 was published May 24, 2022.

The built-in web service for MOXA NPort IAW5000A-I/O firmware version 2.1 or lower does not...
High, Unreviewed. CVE-2020-25153 was published May 24, 2022.

Versions of the Official teamspeak Docker images through 3.6.0 contain a blank password for the...
Critical, Unreviewed. CVE-2020-29590 was published May 24, 2022.

Versions of the Official registry Docker images through 2.7.0 contain a blank password for the...
Critical, Unreviewed. CVE-2020-29591 was published May 24, 2022.

Askey AP5100W_Dual_SIG_1.01.097 and all prior versions use a weak password at the Operating...
Critical, Unreviewed. CVE-2020-26201 was published May 24, 2022.

Quick Heal Total Security before 19.0 allows attackers with local admin rights to modify...
Moderate, Unreviewed. CVE-2020-27585 was published May 24, 2022.

Quick Heal Total Security before 19.0 allows attackers with local admin rights to obtain access...
Moderate, Unreviewed. CVE-2020-27587 was published May 24, 2022.

Pulse Secure Desktop Client 9.0Rx before 9.0R5 and 9.1Rx before 9.1R4 on Windows reveals users'...
Low, Unreviewed. CVE-2020-8956 was published May 24, 2022.

IBM Tivoli Key Lifecycle Manager does not require that users should have strong passwords by...
Moderate, Unreviewed. CVE-2020-4574 was published May 24, 2022.

Weak password requirements in Blaauw Remote Kiln Control through v3.00r4 allow a user to set...
High, Unreviewed. CVE-2019-18872 was published May 24, 2022.

The OKLOK (3.1.1) mobile companion app for Fingerprint Bluetooth Padlock FB50 (2.3) has weak...
High, Unreviewed. CVE-2020-8790 was published May 24, 2022.

In IQrouter through 3.3.1, the Lua function reset_password in the web-panel allows remote...
High, Unreviewed. CVE-2020-11966 was published May 24, 2022.

eSOMS versions 4.0 to 6.0.3 do not enforce password complexity settings, potentially resulting in...
Moderate, Unreviewed. CVE-2019-19093 was published May 24, 2022.

In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a...
Low, Unreviewed. CVE-2020-8632 was published May 24, 2022.

ProTip! Advisories are also available from the GraphQL API.