Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

44 advisories

Loading
Authentication Bypass in hydra Moderate
CVE-2020-5300 was published for github.com/ory/hydra (Go) May 27, 2021
cedricvanrompay
An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2... Moderate Unreviewed
CVE-2021-40170 was published Dec 16, 2021
The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is... Moderate Unreviewed
CVE-2021-46145 was published Jan 7, 2022
The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door... Moderate Unreviewed
CVE-2022-27254 was published Mar 25, 2022
oBike relies on Hangzhou Luoping Smart Locker to lock bicycles, which allows attackers to bypass... Moderate Unreviewed
CVE-2018-16242 was published May 13, 2022
Some Huawei 4G LTE devices, P30 versions before ELE-AL00 9.1.0.162(C01E160R1P12/C01E160R2P1) and... Moderate Unreviewed
CVE-2019-5307 was published May 24, 2022
Gemalto DS3 Authentication Server 2.6.1-SP01 has Broken Access Control. Moderate Unreviewed
CVE-2019-9158 was published May 24, 2022
An authentication bypass in website post requests in the Tzumi Electronics Klic Lock application... Moderate Unreviewed
CVE-2019-11334 was published May 24, 2022
An issue was discovered on Fujitsu Wireless Keyboard Set LX390 GK381 devices. Because of the lack... Moderate Unreviewed
CVE-2019-18199 was published May 24, 2022
Tinxy Door Lock with firmware before 3.2 allow attackers to unlock a door by replaying an Unlock... Moderate Unreviewed
CVE-2020-9438 was published May 24, 2022
GoAhead before 5.1.2 mishandles the nonce value during Digest authentication. This may permit... Moderate Unreviewed
CVE-2020-15688 was published May 24, 2022
A nonce reuse vulnerability exists in the ACEView service of ALEOS before 4.13.0, 4.9.5, and 4.4... Moderate Unreviewed
CVE-2019-11856 was published May 24, 2022
** DISPUTED ** An issue was discovered in the GAEN (aka Google/Apple Exposure Notifications)... Moderate Unreviewed
CVE-2020-24722 was published May 24, 2022
Authentication bypass by capture-replay in RPMB protocol message authentication subsystem in... Moderate Unreviewed
CVE-2020-12355 was published May 24, 2022
Western Digital iNAND devices through 2020-06-03 allow Authentication Bypass via a capture-replay... Moderate Unreviewed
CVE-2020-13799 was published May 24, 2022
A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful... Moderate Unreviewed
CVE-2020-14302 was published May 24, 2022
Every login in tangro Business Workflow before 1.18.1 generates the same JWT token, which allows... Moderate Unreviewed
CVE-2020-26172 was published May 24, 2022
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, the communication protocol... Moderate Unreviewed
CVE-2020-27269 was published May 24, 2022
Idelji Web ViewPoint Suite, as used in conjunction with HPE NonStop, allows a remote replay... Moderate Unreviewed
CVE-2021-22267 was published May 24, 2022
Improper Authorization vulnerability in Netop Vision Pro up to and including to 9.7.1 allows an... Moderate Unreviewed
CVE-2021-27195 was published May 24, 2022
Incorrect access control in push notification service in Night Owl Smart Doorbell FW version... Moderate Unreviewed
CVE-2020-28713 was published May 24, 2022
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out,... Moderate Unreviewed
CVE-2020-23178 was published May 24, 2022
joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture... Moderate Unreviewed
CVE-2022-30466 was published Jun 8, 2022
Joy ebike Wolf Manufacturing year 2022 is vulnerable to Denial of service, which allows remote... Moderate Unreviewed
CVE-2022-30467 was published Jun 30, 2022
relay_cgi.cgi on Dingtian DT-R002 2CH relay devices with firmware 3.1.276A allows an attacker to... Moderate Unreviewed
CVE-2022-29593 was published Jul 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database