GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 44
GitHub Actions: 46
Go: 3,270
Maven: 5,000+
npm: 5,000+
NuGet: 867
pip: 4,517
Pub: 12
RubyGems: 998
Rust: 1,194
Swift: 51
Unreviewed advisories
All unreviewed: 5,000+
6,669 advisories
The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access...
High
Unreviewed
CVE-2020-17517 was published May 24, 2022
Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH...
Moderate
Unreviewed
CVE-2021-20989 was published May 24, 2022
The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4...
High
Unreviewed
CVE-2021-24352 was published May 24, 2022
An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce...
High
Unreviewed
CVE-2022-32557 was published Jun 15, 2022
Missing authorization vulnerability in the system components. Successful exploitation of this...
Moderate
Unreviewed
CVE-2022-31752 was published Jun 14, 2022
Go before 1.15.12 and 1.16.x before 1.16.5 acts as an Unintended Proxy or Intermediary.
Moderate
Unreviewed
CVE-2021-33197 was published May 24, 2022
The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as...
Moderate
Unreviewed
CVE-2022-0745 was published Jun 14, 2022
Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via...
High
Unreviewed
CVE-2021-37764 was published Jun 17, 2022
LRM does not implement authentication or authorization by default. A malicious actor can inject,...
Critical
Unreviewed
CVE-2022-1521 was published Jun 25, 2022
Affected devices do not properly authorize the change password function of the web interface....
High
Unreviewed
CVE-2022-31765 was published Oct 11, 2022
WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, 'admin-dismiss-unsubscribe', which lacked a...
High
Unreviewed
CVE-2021-42359 was published May 24, 2022
There is a missing authorization issue in the system service. Since the component does not have...
High
Unreviewed
CVE-2022-20431 was published Oct 12, 2022
There is a missing authorization issue in the system service. Since the component does not have...
High
Unreviewed
CVE-2022-20430 was published Oct 12, 2022
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its...
Moderate
Unreviewed
CVE-2021-24839 was published Feb 8, 2022
A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software...
Moderate
Unreviewed
CVE-2022-20736 was published Jun 16, 2022
Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to...
Moderate
Unreviewed
CVE-2022-29330 was published Jun 25, 2022
There is a missing authorization issue in the system service. Since the component does not have...
High
Unreviewed
CVE-2022-20434 was published Oct 12, 2022
There is a missing authorization issue in the system service. Since the component does not have...
High
Unreviewed
CVE-2022-20432 was published Oct 12, 2022
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily...
Critical
Unreviewed
CVE-2020-20944 was published Dec 28, 2021
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of...
High
Unreviewed
CVE-2022-1329 was published Apr 20, 2022
Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via...
High
Unreviewed
CVE-2021-46820 was published Jun 17, 2022
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the...
High
Unreviewed
CVE-2022-1903 was published Jun 28, 2022
In telecom service, there is a possible information disclosure due to a missing permission check....
Moderate
Unreviewed
CVE-2022-21763 was published Jul 7, 2022
In telecom service, there is a possible information disclosure due to a missing permission check....
Moderate
Unreviewed
CVE-2022-21764 was published Jul 7, 2022
Exposure of sensitive information to an unauthorized actor issue in multiple applications of...
Moderate
Unreviewed
CVE-2022-29512 was published Jul 12, 2022
ProTip! Advisories are also available from the GraphQL API.