Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

829 advisories

Loading
Possible bypass of token claim validation when OAuth2 Introspection caching is enabled High
GHSA-qvp4-rpmr-xwrr was published for github.com/ory/oathkeeper (Go) Jun 23, 2021
flusflas
Improper Authorization in github.com/containers/libpod High
CVE-2021-20188 was published for github.com/containers/libpod (Go) May 18, 2021
Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
Incorrect Authorization in WildFly Elytron High
CVE-2020-1748 was published for org.wildfly.security:wildfly-elytron (Maven) Feb 15, 2022
Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R)... High Unreviewed
CVE-2021-33118 was published Nov 18, 2021
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote... High Unreviewed
CVE-2022-25214 was published Mar 11, 2022
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a... High Unreviewed
CVE-2021-41850 was published Mar 13, 2022
Improper Authorization in org.cometd.oort High
CVE-2022-24721 was published for org.cometd.java:cometd-java-oort (Maven) Mar 15, 2022
Istio Fragments in Path May Lead to Authorization Policy Bypass High
CVE-2021-39156 was published for istio.io/istio (Go) Aug 30, 2021
yangminzhu
arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more... High Unreviewed
CVE-2022-23033 was published Jan 26, 2022
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed... High Unreviewed
CVE-2022-25364 was published Mar 18, 2022
This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and... High Unreviewed
CVE-2022-22618 was published Mar 19, 2022
A flaw was found in Quarkus. The state and potentially associated permissions can leak from one... High Unreviewed
CVE-2022-0981 was published Mar 24, 2022
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows... High Unreviewed
CVE-2022-30594 was published May 13, 2022
Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior,... High Unreviewed
CVE-2021-20864 was published Dec 2, 2021
There is an Improper access control vulnerability in Huawei Smartphone.Successful exploitation of... High Unreviewed
CVE-2021-37038 was published Dec 8, 2021
The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire... High Unreviewed
CVE-2021-43051 was published Dec 15, 2021
In PackageManager, there is a possible way to change the splash screen theme of other apps due to... High Unreviewed
CVE-2021-39750 was published Mar 31, 2022
An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy... High Unreviewed
CVE-2021-3456 was published Mar 31, 2022
In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission... High Unreviewed
CVE-2022-20002 was published Mar 31, 2022
In WindowManager, there is a possible way to start non-exported and protected activities due to a... High Unreviewed
CVE-2021-39749 was published Mar 31, 2022
Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control... High Unreviewed
CVE-2021-43771 was published Dec 1, 2021
In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This... High Unreviewed
CVE-2021-39789 was published Mar 31, 2022
In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing... High Unreviewed
CVE-2021-39790 was published Mar 31, 2022
On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access... High Unreviewed
CVE-2021-28504 was published Apr 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database