GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
95 advisories
Filter by severity
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions,...
Critical
Unreviewed
CVE-2020-13421
was published
May 24, 2022
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the...
Critical
Unreviewed
CVE-2021-41974
was published
May 24, 2022
HashiCorp Vault Incorrect Permission Assignment for Critical Resource
Critical
CVE-2021-43998
was published
for
github.com/hashicorp/vault
(Go)
Dec 2, 2021
A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an...
Critical
Unreviewed
CVE-2021-39409
was published
Jun 25, 2022
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete...
Critical
Unreviewed
CVE-2021-22648
was published
Jul 29, 2022
OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected...
Critical
Unreviewed
CVE-2020-11831
was published
May 24, 2022
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is...
Critical
Unreviewed
CVE-2020-16259
was published
May 24, 2022
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made...
Critical
Unreviewed
CVE-2020-35949
was published
May 24, 2022
In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin...
Critical
Unreviewed
CVE-2020-35339
was published
May 24, 2022
An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable...
Critical
Unreviewed
CVE-2021-22566
was published
Jan 19, 2022
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to...
Critical
Unreviewed
CVE-2021-22850
was published
May 24, 2022
Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= 12.5.1001.5 in DATEV programs v14...
Critical
Unreviewed
CVE-2021-41428
was published
May 24, 2022
A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to...
Critical
Unreviewed
CVE-2022-2185
was published
Jul 2, 2022
Apache Cassandra vulnerable to Code Injection due to unsafe configuration
Critical
CVE-2021-44521
was published
for
org.apache.cassandra:cassandra-all
(Maven)
Feb 12, 2022
In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is...
Critical
Unreviewed
CVE-2021-41589
was published
May 24, 2022
Incorrect Permission Assignment for Critical Resource in ShopXO
Critical
CVE-2022-28056
was published
for
shopxo/shopxo
(Composer)
May 3, 2022
In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities...
Critical
Unreviewed
CVE-2017-12816
was published
May 13, 2022
postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog...
Critical
Unreviewed
CVE-2018-1115
was published
May 13, 2022
An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on...
Critical
Unreviewed
CVE-2018-11240
was published
May 13, 2022
Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase®...
Critical
Unreviewed
CVE-2021-42115
was published
Dec 1, 2021
KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer...
Critical
Unreviewed
CVE-2017-9602
was published
May 13, 2022
This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable...
Critical
Unreviewed
CVE-2018-1164
was published
May 13, 2022
A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted...
Critical
Unreviewed
CVE-2018-15379
was published
May 13, 2022
Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access....
Critical
Unreviewed
CVE-2017-9626
was published
May 13, 2022
Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to...
Critical
Unreviewed
CVE-2017-1000153
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API