GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
706 advisories
idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the...
High
Unreviewed
CVE-2022-27333
was published
Mar 23, 2022
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid...
High
Unreviewed
CVE-2021-3814
was published
Mar 26, 2022
Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access...
High
Unreviewed
CVE-2022-27658
was published
Mar 29, 2022
In Settings, there is a possible way to add an auto-connect WiFi network without the user's...
High
Unreviewed
CVE-2021-39768
was published
Mar 31, 2022
In WindowManager, there is a possible way to start a foreground activity from the background due...
High
Unreviewed
CVE-2021-39758
was published
Mar 31, 2022
An intent redirection issue was discovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk...
High
Unreviewed
CVE-2020-23349
was published
Apr 6, 2022
The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib...
High
Unreviewed
CVE-2021-24906
was published
Jan 25, 2022
An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver...
High
Unreviewed
CVE-2022-27669
was published
Apr 13, 2022
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote...
High
Unreviewed
CVE-2021-1506
was published
May 24, 2022
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5...
High
Unreviewed
CVE-2006-4483
was published
May 1, 2022
A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice...
High
Unreviewed
CVE-2021-26733
was published
Oct 24, 2022
The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication...
High
Unreviewed
CVE-2022-24190
was published
Nov 29, 2022
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/...
High
Unreviewed
CVE-2020-13422
was published
May 24, 2022
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a...
High
Unreviewed
CVE-2021-27855
was published
Dec 16, 2021
Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the...
High
Unreviewed
CVE-2020-20444
was published
May 24, 2022
KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper:...
High
Unreviewed
CVE-2022-40673
was published
Sep 15, 2022
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated...
High
Unreviewed
CVE-2022-1066
was published
Oct 21, 2022
Aethon TUG Home Base Server versions prior to version 24 are affected by an unauthenticated...
High
Unreviewed
CVE-2022-26423
was published
Oct 21, 2022
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service...
High
Unreviewed
CVE-2020-35756
was published
May 24, 2022
The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4...
High
Unreviewed
CVE-2021-24353
was published
May 24, 2022
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability...
High
Unreviewed
CVE-2021-24356
was published
May 24, 2022
It has been discovered that redhat-certification does not perform an authorization check and...
High
Unreviewed
CVE-2018-10865
was published
May 24, 2022
The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX...
High
Unreviewed
CVE-2022-1777
was published
Jun 14, 2022
The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access...
High
Unreviewed
CVE-2020-17517
was published
May 24, 2022
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote...
High
Unreviewed
CVE-2021-1505
was published
May 24, 2022
ProTip! Advisories are also available from the GraphQL API.