Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

267 advisories

Loading
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the... Critical Unreviewed
CVE-2020-21124 was published May 24, 2022
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a... Critical Unreviewed
CVE-2021-27663 was published May 24, 2022
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access... Critical Unreviewed
CVE-2021-37421 was published May 24, 2022
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC)... Critical Unreviewed
CVE-2021-1577 was published May 24, 2022
An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's... Critical Unreviewed
CVE-2021-26040 was published May 24, 2022
ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters,... Critical Unreviewed
CVE-2021-32829 was published May 24, 2022
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive... Critical Unreviewed
CVE-2020-18701 was published May 24, 2022
Certain NETGEAR devices are affected by lack of access control at the function level. This... Critical Unreviewed
CVE-2021-38516 was published May 24, 2022
A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to... Critical Unreviewed
CVE-2020-19301 was published May 24, 2022
Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an... Critical Unreviewed
CVE-2021-30571 was published May 24, 2022
There is a Permission Control Vulnerability in Huawei Smartphone.Successful exploitation of this... Critical Unreviewed
CVE-2021-22389 was published May 24, 2022
Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021... Critical Unreviewed
CVE-2021-25437 was published May 24, 2022
Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A... Critical Unreviewed
CVE-2021-35336 was published May 24, 2022
There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product.... Critical Unreviewed
CVE-2021-33346 was published May 24, 2022
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote... Critical Unreviewed
CVE-2021-3044 was published May 24, 2022
White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php,... Critical Unreviewed
CVE-2020-20466 was published May 24, 2022
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. Critical Unreviewed
CVE-2021-30192 was published May 24, 2022
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 ... Critical Unreviewed
CVE-2021-28799 was published May 24, 2022
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive... Critical Unreviewed
CVE-2021-20538 was published May 24, 2022
Drupal Core Access bypass vulnerability Critical
CVE-2020-13665 was published for drupal/core (Composer) May 24, 2022
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where... Critical Unreviewed
CVE-2021-28793 was published May 24, 2022
The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code... Critical Unreviewed
CVE-2021-30503 was published May 24, 2022
A ZTE product is impacted by improper access control vulnerability. The attacker could exploit... Critical Unreviewed
CVE-2021-21730 was published May 24, 2022
An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation... Critical Unreviewed
CVE-2020-28872 was published May 24, 2022
Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote... Critical Unreviewed
CVE-2020-24264 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database