GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
778 advisories
Undertow Missing Authorization when requesting a protected directory without trailing slash
High: CVE-2019-10184 was published for io.undertow:undertow-servlet (Maven), Aug 1, 2019

Unauthenticated Access Via OAI-PMH
High: CVE-2020-5228 was published for org.opencastproject:opencast-oaipmh-api (Maven), Jan 30, 2020

Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper
High: CVE-2020-10187 was published for doorkeeper (RubyGems), May 7, 2020

Missing Authorization in TeamPass
High: CVE-2020-11671 was published for nilsteampassnet/teampass (Composer), Jul 26, 2021

Improper Authorization in Google OAuth Client
High: CVE-2020-7692 was published for com.google.oauth-client:google-oauth-client (Maven), Sep 28, 2021

Missing Authorization with Default Settings in Dashboard UI
High: CVE-2021-41238 was published for Hangfire.Core (NuGet), Nov 3, 2021

Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
High: CVE-2021-39236 was published for org.apache.hadoop:hadoop-ozone-ozone-manager (Maven), Nov 23, 2021

Incorrect Authorization in Apache Ozone
High: CVE-2021-39232 was published for org.apache.ozone:ozone-main (Maven), Nov 23, 2021

Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari ...
High, Unreviewed: CVE-2021-20835 was published Nov 25, 2021

WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user....
High, Unreviewed: CVE-2021-36917 was published Nov 25, 2021

The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in...
High, Unreviewed: CVE-2021-24914 was published Dec 7, 2021

The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require...
High, Unreviewed: CVE-2021-34543 was published Dec 8, 2021

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5...
High, Unreviewed: CVE-2021-20865 was published Dec 14, 2021

SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary...
High, Unreviewed: CVE-2021-44233 was published Dec 15, 2021

An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will...
High, Unreviewed: CVE-2021-41066 was published Dec 15, 2021

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and...
High, Unreviewed: CVE-2021-27859 was published Dec 16, 2021

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a...
High, Unreviewed: CVE-2021-27855 was published Dec 16, 2021

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and...
High, Unreviewed: CVE-2021-27857 was published Dec 16, 2021

In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to...
High, Unreviewed: CVE-2021-1017 was published Dec 16, 2021

In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user...
High, Unreviewed: CVE-2021-0926 was published Dec 16, 2021

In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to...
High, Unreviewed: CVE-2021-0923 was published Dec 16, 2021

In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass...
High, Unreviewed: CVE-2021-0922 was published Dec 16, 2021

TCMAN GIM does not perform an authorization check when trying to access determined resources. A...
High, Unreviewed: CVE-2021-40853 was published Dec 18, 2021

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle...
High, Unreviewed: CVE-2021-37572 was published Dec 27, 2021

ProTip! Advisories are also available from the GraphQL API