GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
778 advisories
Filter by severity
Duplicate Advisory: Improper Authorization in Gogs
High
GHSA-65f3-3278-7m65
was published
for
gogs.io/gogs
(Go)
Mar 12, 2022
•
withdrawn
Gogs vulnerable to improper PAM authorization handling
High
CVE-2022-0871
was published
for
gogs.io/gogs
(Go)
Mar 14, 2022
CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials
High
CVE-2022-27211
was published
for
org.jenkins-ci.plugins:kubernetes-cd
(Maven)
Mar 16, 2022
The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper...
High
Unreviewed
CVE-2022-0229
was published
Mar 22, 2022
idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the...
High
Unreviewed
CVE-2022-27333
was published
Mar 23, 2022
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid...
High
Unreviewed
CVE-2021-3814
was published
Mar 26, 2022
Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access...
High
Unreviewed
CVE-2022-27658
was published
Mar 29, 2022
In Settings, there is a possible way to add an auto-connect WiFi network without the user's...
High
Unreviewed
CVE-2021-39768
was published
Mar 31, 2022
In WindowManager, there is a possible way to start a foreground activity from the background due...
High
Unreviewed
CVE-2021-39758
was published
Mar 31, 2022
An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk...
High
Unreviewed
CVE-2020-23349
was published
Apr 6, 2022
An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver...
High
Unreviewed
CVE-2022-27669
was published
Apr 13, 2022
A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP...
High
Unreviewed
CVE-2022-27480
was published
Apr 13, 2022
Insecure plugin handling in Mattermost
High
CVE-2022-1384
was published
for
github.com/mattermost/mattermost-server/v6
(Go)
Apr 20, 2022
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of...
High
Unreviewed
CVE-2022-1329
was published
Apr 20, 2022
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5...
High
Unreviewed
CVE-2006-4483
was published
May 1, 2022
The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly...
High
Unreviewed
CVE-2009-3781
was published
May 2, 2022
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks...
High
Unreviewed
CVE-2022-0952
was published
May 3, 2022
The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place...
High
Unreviewed
CVE-2021-25002
was published
May 3, 2022
In telephony, there is a possible way to disable receiving SMS messages due to a missing...
High
Unreviewed
CVE-2022-20093
was published
May 4, 2022
In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing...
High
Unreviewed
CVE-2022-20084
was published
May 4, 2022
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav...
High
Unreviewed
CVE-2022-28165
was published
May 7, 2022
In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing...
High
Unreviewed
CVE-2021-39738
was published
May 11, 2022
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper...
High
Unreviewed
CVE-2022-1442
was published
May 11, 2022
SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary...
High
Unreviewed
CVE-2022-29611
was published
May 12, 2022
rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus...
High
Unreviewed
CVE-2019-9924
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API