GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 46
Go: 3,270
Maven: 5,000+
npm: 5,000+
NuGet: 867
pip: 4,517
Pub: 12
RubyGems: 998
Rust: 1,194
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
322 advisories
The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated...
Critical | Unreviewed | CVE-2022-41326 was published on Nov 22, 2022
Missing Authorization in Filter Stream Converter Application of XWiki-platform
Critical | CVE-2022-41937 was published for org.xwiki.platform:xwiki-platform-filter-ui (Maven) on Nov 21, 2022
Missing Authorization to enable or disable users in org.xwiki.platform:xwiki-platform-user-profile-ui
Critical | CVE-2022-41930 was published for org.xwiki.platform:xwiki-platform-user-profile-ui (Maven) on Nov 21, 2022
Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
Critical | Unreviewed | CVE-2022-44584 was published on Nov 19, 2022
Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.
Critical | Unreviewed | CVE-2022-3993 was published on Nov 14, 2022
** UNSUPPORTED WHEN ASSIGNED ** A security filter misconfiguration exists in VMware Hyperic...
Critical | Unreviewed | CVE-2022-38651 was published on Nov 12, 2022
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code
Critical | CVE-2022-39222 was published for github.com/dexidp/dex (Go) on Oct 3, 2022
Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at...
Critical | Unreviewed | CVE-2022-37344 was published on Sep 7, 2022
Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at...
Critical | Unreviewed | CVE-2022-36427 was published on Sep 7, 2022
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node...
Critical | Unreviewed | CVE-2022-36642 was published on Sep 3, 2022
Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain...
Critical | Unreviewed | CVE-2022-35293 was published on Aug 11, 2022
LRM does not implement authentication or authorization by default. A malicious actor can inject,...
Critical | Unreviewed | CVE-2022-1521 was published on Jun 25, 2022
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate...
Critical | Unreviewed | CVE-2022-0885 was published on Jun 14, 2022
A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could...
Critical | Unreviewed | CVE-2020-4926 was published on May 25, 2022
Pebble Templates Improper Input Validation vulnerability
Critical | CVE-2019-19899 was published for io.pebbletemplates:pebble-project (Maven) on May 24, 2022
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows...
Critical | Unreviewed | CVE-2020-25366 was published on May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical | CVE-2021-21685 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical | CVE-2021-21694 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical | CVE-2021-21688 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical | CVE-2021-21689 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical | CVE-2021-21687 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical | CVE-2021-21695 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022
Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken...
Critical | Unreviewed | CVE-2021-32172 was published on May 24, 2022
BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an...
Critical | Unreviewed | CVE-2021-41729 was published on May 24, 2022
Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect...
Critical | Unreviewed | CVE-2021-33924 was published on May 24, 2022
ProTip! Advisories are also available from the GraphQL API.