GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
159 advisories
Filter by severity
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of...
Critical
Unreviewed
CVE-2021-45878
was published
Mar 22, 2022
Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected...
Critical
Unreviewed
CVE-2022-24595
was published
Mar 19, 2022
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line...
Critical
Unreviewed
CVE-2021-45015
was published
Dec 15, 2021
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an...
Critical
Unreviewed
CVE-2021-27856
was published
Dec 16, 2021
Hospital Management System v1.0 was discovered to lack an authorization component, allowing...
Critical
Unreviewed
CVE-2022-26546
was published
Apr 1, 2022
There is an improper verification vulnerability in smartphones. Successful exploitation of this...
Critical
Unreviewed
CVE-2021-22448
was published
Feb 26, 2022
An exploitable unsafe default configuration vulnerability exists in the TURN server function of...
Critical
Unreviewed
CVE-2018-4059
was published
May 13, 2022
A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could...
Critical
Unreviewed
CVE-2020-4926
was published
May 25, 2022
Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5...
Critical
Unreviewed
CVE-2020-36239
was published
May 24, 2022
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This...
Critical
Unreviewed
CVE-2020-25359
was published
May 24, 2022
File Deletion vulnerability in Halo 0.4.3 via delBackup.
Critical
Unreviewed
CVE-2020-19038
was published
May 24, 2022
It has been discovered that redhat-certification does not perform an authorization check and it...
Critical
Unreviewed
CVE-2018-10866
was published
May 24, 2022
LRM does not implement authentication or authorization by default. A malicious actor can inject,...
Critical
Unreviewed
CVE-2022-1521
was published
Jun 25, 2022
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily...
Critical
Unreviewed
CVE-2020-20944
was published
Dec 28, 2021
Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain...
Critical
Unreviewed
CVE-2022-35293
was published
Aug 11, 2022
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an...
Critical
Unreviewed
CVE-2020-4499
was published
May 24, 2022
In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system....
Critical
Unreviewed
CVE-2019-19885
was published
May 24, 2022
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to...
Critical
Unreviewed
CVE-2020-26823
was published
May 24, 2022
Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting...
Critical
Unreviewed
CVE-2020-11856
was published
May 24, 2022
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php...
Critical
Unreviewed
CVE-2020-29006
was published
May 24, 2022
A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older),...
Critical
Unreviewed
CVE-2020-28215
was published
May 24, 2022
A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s):...
Critical
Unreviewed
CVE-2020-7124
was published
May 24, 2022
An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is...
Critical
Unreviewed
CVE-2020-29551
was published
May 24, 2022
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain...
Critical
Unreviewed
CVE-2020-28036
was published
May 24, 2022
The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by...
Critical
Unreviewed
CVE-2020-35219
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API