Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

133 advisories

Loading
Missing Token Replay Detection in Saml2 Authentication services for ASP.NET High
CVE-2020-5261 was published for Sustainsys.Saml2 (NuGet) Mar 25, 2020
Authentication Bypass in hydra Moderate
CVE-2020-5300 was published for github.com/ory/hydra (Go) May 27, 2021
cedricvanrompay
An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS versions 7... Critical Unreviewed
CVE-2021-41030 was published Dec 9, 2021
An RF replay attack vulnerability in the SecuritasHome home alarm system, version HPGW-G 0.0.2... Moderate Unreviewed
CVE-2021-40170 was published Dec 16, 2021
The keyfob subsystem in Honda Civic 2012 vehicles allows a replay attack for unlocking. This is... Moderate Unreviewed
CVE-2021-46145 was published Jan 7, 2022
Capture-replay in Gitea Critical
CVE-2021-45327 was published for github.com/go-gitea/gitea (Go) Feb 9, 2022
tdunlap607
Authentication bypass by capture-replay in github.com/cosmos/ethermint High
CVE-2021-25835 was published for github.com/cosmos/ethermint (Go) Feb 15, 2022
Authentication bypass by capture-replay in github.com/cosmos/ethermint High
CVE-2021-25834 was published for github.com/cosmos/ethermint (Go) Feb 15, 2022
Honeywell HDZP252DI 1.00.HW02.4 and HBW2PER1 1.000.HW01.3 devices allow command spoofing (for... High Unreviewed
CVE-2021-39364 was published Feb 25, 2022
Multi-Factor Authentication issue in Laravel Fortify High
CVE-2022-25838 was published for laravel/fortify (Composer) Feb 25, 2022
A CWE-294: Authentication Bypass by Capture-replay vulnerability exists that could cause an... Critical Unreviewed
CVE-2022-22806 was published Mar 10, 2022
Authentication Bypass by Capture-replay in Apache Spark High
CVE-2021-38296 was published for org.apache.spark:spark-core (Maven) Mar 11, 2022
AlmogApiiro
The remote keyless system on Honda Civic 2018 vehicles sends the same RF signal for each door... Moderate Unreviewed
CVE-2022-27254 was published Mar 25, 2022
SaltStack Salt Authentication Bypass by Capture-replay High
CVE-2022-22936 was published for salt (pip) Mar 30, 2022
Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric... High Unreviewed
CVE-2022-25155 was published Apr 3, 2022
Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series... High Unreviewed
CVE-2022-25159 was published Apr 3, 2022
Dr Trust USA iCheck Connect BP Monitor BP Testing 118 1.2.1 is vulnerable to a Replay Attack to... High Unreviewed
CVE-2020-27374 was published Apr 8, 2022
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange... High Unreviewed
CVE-2002-0054 was published Apr 30, 2022
An Information Management Error vulnerability exists in Schneider Electric's Modicon M221 product... Critical Unreviewed
CVE-2018-7790 was published May 13, 2022
The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control,... Critical Unreviewed
CVE-2019-9659 was published May 13, 2022
SAGA1-L8B with any firmware versions prior to A0.10 are vulnerable to a replay attack and command... Critical Unreviewed
CVE-2018-17903 was published May 13, 2022
All versions of Telecrane F25 Series Radio Controls before 00.0A use fixed codes that are... High Unreviewed
CVE-2018-17935 was published May 13, 2022
A replay issue was discovered on Neato Botvac Connected 2.2.0 devices. Manual control mode... High Unreviewed
CVE-2018-17176 was published May 13, 2022
Authentication Bypass by Capture-replay vulnerability in Verizon Fios Quantum Gateway (G1100)... High Unreviewed
CVE-2019-3915 was published May 13, 2022
All versions up to V3.03.10.B23P2 of ZTE ZXR10 8905E product are impacted by TCP Initial Sequence... High Unreviewed
CVE-2018-7356 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database