GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
267 advisories
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the...
Critical | Unreviewed | CVE-2021-26753 was published May 24, 2022

Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component...
Critical | Unreviewed | CVE-2019-11684 was published May 24, 2022

White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php,...
Critical | Unreviewed | CVE-2020-20466 was published May 24, 2022

IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive...
Critical | Unreviewed | CVE-2021-20538 was published May 24, 2022

After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is...
Critical | Unreviewed | CVE-2021-32986 was published Apr 5, 2022

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360...
Critical | Unreviewed | CVE-2022-29081 was published Apr 29, 2022

Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an...
Critical | Unreviewed | CVE-2021-30571 was published May 24, 2022

There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this...
Critical | Unreviewed | CVE-2021-22389 was published May 24, 2022

An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's...
Critical | Unreviewed | CVE-2021-26040 was published May 24, 2022

HashiCorp Vault and Vault Enterprise through 2022-07-17 have Incorrect Access Control.
Critical | Unreviewed | CVE-2022-36129 was published Jul 27, 2022

D-Link DIR845L A1 contains an authentication vulnerability via an AUTHORIZED_GROUP=1 value, as...
Critical | Unreviewed | CVE-2022-36755 was published Aug 29, 2022

ZStack is open source IaaS (infrastructure as a service) software aiming to automate datacenters,...
Critical | Unreviewed | CVE-2021-32829 was published May 24, 2022

A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a...
Critical | Unreviewed | CVE-2021-27663 was published May 24, 2022

UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the...
Critical | Unreviewed | CVE-2020-21124 was published May 24, 2022

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2...
Critical | Unreviewed | CVE-2021-38454 was published May 24, 2022

Field-level access-control bypass for multiselect field
Critical | CVE-2022-39322 was published for @keystone-6/core (npm) Oct 18, 2022

Deno's static imports inside dynamically imported modules do not adhere to permission checks
Critical | CVE-2021-32619 was published for deno (Rust) Sep 23, 2021

When the LDAP connector is started with StartTLS configured, unauthenticated access is granted....
Critical | Unreviewed | CVE-2022-0143 was published Sep 20, 2022

The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before...
Critical | Unreviewed | CVE-2022-29906 was published Apr 30, 2022

Broken Access Control vulnerability in Alessio Caiazza's About Me plugin <= 1.0.12 at WordPress.
Critical | Unreviewed | CVE-2022-36387 was published Sep 7, 2022

NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Critical | CVE-2022-35924 was published for next-auth (npm) Aug 2, 2022

The Linux-PAM package before 1.5.2-6.1 for openSUSE Tumbleweed allows authentication bypass for...
Critical | Unreviewed | CVE-2022-28321 was published Sep 20, 2022

Spring Security authorization rules can be bypassed via forward or include dispatcher types
Critical | CVE-2022-31692 was published for org.springframework.security:spring-security-core (Maven) Nov 1, 2022

A vulnerability in the authorization controls for the Cisco IOx application hosting...
Critical | Unreviewed | CVE-2020-3227 was published May 24, 2022

Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress.
Critical | Unreviewed | CVE-2022-29423 was published May 7, 2022

ProTip! Advisories are also available from the GraphQL API