GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
46 advisories
Filter by severity
Authentication Bypass in hydra
Moderate
CVE-2020-5300
was published
for
github.com/ory/hydra
(Go)
May 27, 2021
An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2...
Moderate
Unreviewed
CVE-2021-40170
was published
Dec 16, 2021
The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is...
Moderate
Unreviewed
CVE-2021-46145
was published
Jan 7, 2022
The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door...
Moderate
Unreviewed
CVE-2022-27254
was published
Mar 25, 2022
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass...
Moderate
Unreviewed
CVE-2018-16242
was published
May 13, 2022
Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and...
Moderate
Unreviewed
CVE-2019-5307
was published
May 24, 2022
Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control.
Moderate
Unreviewed
CVE-2019-9158
was published
May 24, 2022
An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application...
Moderate
Unreviewed
CVE-2019-11334
was published
May 24, 2022
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack...
Moderate
Unreviewed
CVE-2019-18199
was published
May 24, 2022
Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock...
Moderate
Unreviewed
CVE-2020-9438
was published
May 24, 2022
GoAhead before 5.1.2 mishandles the nonce value during Digest authentication. This may permit...
Moderate
Unreviewed
CVE-2020-15688
was published
May 24, 2022
A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4...
Moderate
Unreviewed
CVE-2019-11856
was published
May 24, 2022
** DISPUTED ** An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications)...
Moderate
Unreviewed
CVE-2020-24722
was published
May 24, 2022
Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in...
Moderate
Unreviewed
CVE-2020-12355
was published
May 24, 2022
Western Digital iNAND devices through 2020-06-03 allow Authentication Bypass via a capture-replay...
Moderate
Unreviewed
CVE-2020-13799
was published
May 24, 2022
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful...
Moderate
Unreviewed
CVE-2020-14302
was published
May 24, 2022
Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows...
Moderate
Unreviewed
CVE-2020-26172
was published
May 24, 2022
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol...
Moderate
Unreviewed
CVE-2020-27269
was published
May 24, 2022
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay...
Moderate
Unreviewed
CVE-2021-22267
was published
May 24, 2022
Improper Authorization vulnerability in Netop Vision Pro up to and including to 9.7.1 allows an...
Moderate
Unreviewed
CVE-2021-27195
was published
May 24, 2022
Incorrect access control in push notification service in Night Owl Smart Doorbell FW version...
Moderate
Unreviewed
CVE-2020-28713
was published
May 24, 2022
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out,...
Moderate
Unreviewed
CVE-2020-23178
was published
May 24, 2022
joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture...
Moderate
Unreviewed
CVE-2022-30466
was published
Jun 8, 2022
Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote...
Moderate
Unreviewed
CVE-2022-30467
was published
Jun 30, 2022
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to...
Moderate
Unreviewed
CVE-2022-29593
was published
Jul 15, 2022
ProTip!
Advisories are also available from the
GraphQL API