Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

267 advisories

Loading
On Ampere Altra and AltraMax devices before SRP 1.09, the the Altra reference design of UEFI... Critical Unreviewed
CVE-2022-32295 was published Jul 2, 2022
Improper Authorization in Apache Shiro Critical
CVE-2022-32532 was published for org.apache.shiro:shiro-core (Maven) Jun 30, 2022
Depending on the configuration of the route permission table in file 'saprouttab', it is possible... Critical Unreviewed
CVE-2022-27668 was published Jun 15, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x... Critical Unreviewed
CVE-2022-30310 was published Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web... Critical Unreviewed
CVE-2022-30308 was published Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x... Critical Unreviewed
CVE-2022-30311 was published Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web... Critical Unreviewed
CVE-2022-30309 was published Jun 14, 2022
Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an... Critical Unreviewed
CVE-2022-25237 was published Jun 3, 2022
An access control issue in Linglong v1.0 allows attackers to access the background of the... Critical Unreviewed
CVE-2022-29633 was published May 27, 2022
TrueStack Direct Connect 1.4.7 has Incorrect Access Control. Critical Unreviewed
CVE-2022-23775 was published May 26, 2022
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file... Critical Unreviewed
CVE-2021-42002 was published May 24, 2022
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth,... Critical Unreviewed
CVE-2021-42837 was published May 24, 2022
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is... Critical Unreviewed
CVE-2021-35368 was published May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21692 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21691 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21693 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability... Critical Unreviewed
CVE-2021-20136 was published May 24, 2022
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that... Critical Unreviewed
CVE-2021-3705 was published May 24, 2022
Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and... Critical Unreviewed
CVE-2021-41873 was published May 24, 2022
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2... Critical Unreviewed
CVE-2021-38454 was published May 24, 2022
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password... Critical Unreviewed
CVE-2021-3833 was published May 24, 2022
Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure. Critical Unreviewed
CVE-2021-41592 was published May 24, 2022
ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure. Critical Unreviewed
CVE-2021-41591 was published May 24, 2022
There is a flaw in the code used to configure the internal gateway firewall when the gateway's... Critical Unreviewed
CVE-2020-12030 was published May 24, 2022
Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed... Critical Unreviewed
CVE-2021-35943 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database