GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,587
Composer 4,205
Erlang 31
GitHub Actions 19
Go 1,988
Maven 5,170
npm 3,704
NuGet 661
pip 3,332
Pub 11
RubyGems 884
Rust 845
Swift 36

Unreviewed advisories

All unreviewed 234,167

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

220 advisories

Filter by severity

Sort by

Least recently updated

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an... Critical Unreviewed

CVE-2019-7304 was published May 24, 2022

An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network... Critical Unreviewed

CVE-2018-7245 was published May 13, 2022

In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the... Critical Unreviewed

CVE-2018-19515 was published May 13, 2022

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports... Critical Unreviewed

CVE-2018-18815 was published May 13, 2022

Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to... Critical Unreviewed

CVE-2018-13324 was published May 13, 2022

WebExtensions bundled with embedded experiments were not correctly checked for proper... Critical Unreviewed

CVE-2018-12369 was published May 13, 2022

OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization... Critical Unreviewed

CVE-2018-1000155 was published May 13, 2022

** DISPUTED ** An issue was discovered in SMA Solar Technology products. A secondary... Critical Unreviewed

CVE-2017-9855 was published May 13, 2022

An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics... Critical Unreviewed

CVE-2017-9653 was published May 13, 2022

Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation... Critical Unreviewed

CVE-2017-7512 was published May 13, 2022

Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6... Critical Unreviewed

CVE-2017-17067 was published May 13, 2022

An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx... Critical Unreviewed

CVE-2017-16743 was published May 13, 2022

It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform... Critical Unreviewed

CVE-2017-7470 was published May 13, 2022

Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. Critical Unreviewed

CVE-2022-29423 was published May 7, 2022

Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an... Critical Unreviewed

CVE-2022-20777 was published May 5, 2022

The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before... Critical Unreviewed

CVE-2022-29906 was published Apr 30, 2022

Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360... Critical Unreviewed

CVE-2022-29081 was published Apr 29, 2022

Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow... Critical Unreviewed

CVE-2010-1435 was published Apr 21, 2022

IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read... Critical Unreviewed

CVE-2010-2548 was published Apr 21, 2022

An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to... Critical Unreviewed

CVE-2022-27128 was published Apr 11, 2022

An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow... Critical Unreviewed

CVE-2021-46419 was published Apr 8, 2022

aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use... Critical Unreviewed

CVE-2022-26676 was published Apr 8, 2022

After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is... Critical Unreviewed

CVE-2021-32986 was published Apr 5, 2022

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14... Critical Unreviewed

CVE-2022-0735 was published Mar 29, 2022

EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. Critical Unreviewed

CVE-2022-26279 was published Mar 26, 2022

Previous 1 2 … 5 6 7 8 9 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

220 advisories