GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,435 advisories
In Settings, there is a possible way to add an auto-connect WiFi network without the user's...
High | Unreviewed | CVE-2021-39768 was published | Mar 31, 2022

In WindowManager, there is a possible way to start a foreground activity from the background due...
High | Unreviewed | CVE-2021-39758 was published | Mar 31, 2022

Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access...
High | Unreviewed | CVE-2022-27658 was published | Mar 29, 2022

It was found that 3scale's APIdocs does not validate the access token, in the case of invalid...
High | Unreviewed | CVE-2021-3814 was published | Mar 26, 2022

idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the...
High | Unreviewed | CVE-2022-27333 was published | Mar 23, 2022

The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper...
High | Unreviewed | CVE-2022-0229 was published | Mar 22, 2022

CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials
High | CVE-2022-27211 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) | Mar 16, 2022

Gogs vulnerable to improper PAM authorization handling
High | CVE-2022-0871 was published for gogs.io/gogs (Go) | Mar 14, 2022

Duplicate Advisory: Improper Authorization in Gogs
High | GHSA-65f3-3278-7m65 was published for gogs.io/gogs (Go) | Mar 12, 2022 | withdrawn

Gitea Missing Authorization vulnerability
High | CVE-2022-0905 was published for code.gitea.io/gitea (Go) | Mar 11, 2022

The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in...
High | Unreviewed | CVE-2021-25087 was published | Mar 8, 2022

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an...
High | Unreviewed | CVE-2021-46378 was published | Mar 5, 2022

KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename...
High | Unreviewed | CVE-2022-24986 was published | Feb 27, 2022

A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support...
High | Unreviewed | CVE-2020-25718 was published | Feb 19, 2022

Improper Privilege Management in Snipe-IT
High | CVE-2022-0611 was published for snipe/snipe-it (Composer) | Feb 17, 2022

Missing permission check in Jenkins SCP publisher Plugin
High | CVE-2022-25199 was published for org.jenkins-ci.plugins:scp (Maven) | Feb 16, 2022

Missing Authorization in Jenkins dbCharts Plugin
High | CVE-2022-25206 was published for org.jenkins-ci.plugins:dbCharts (Maven) | Feb 16, 2022

Missing permission checks in Jenkins Chef Sinatra Plugin allow XXE
High | CVE-2022-25208 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven) | Feb 16, 2022

Reject unauthorized access with GitHub PATs
High | CVE-2021-21432 was published for github.com/go-vela/server (Go) | Feb 15, 2022

An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management...
High | Unreviewed | CVE-2022-22854 was published | Feb 15, 2022

In system service, there is a possible permission bypass due to a missing permission check. This...
High | Unreviewed | CVE-2022-20024 was published | Feb 11, 2022

In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This...
High | Unreviewed | CVE-2022-20041 was published | Feb 11, 2022

In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This...
High | Unreviewed | CVE-2022-20043 was published | Feb 11, 2022

A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when...
High | Unreviewed | CVE-2022-24317 was published | Feb 11, 2022

The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and...
High | Unreviewed | CVE-2021-25095 was published | Feb 8, 2022
ProTip! Advisories are also available from the GraphQL API.