Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

563 advisories

Loading
Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote... Moderate Unreviewed
CVE-2021-38009 was published Dec 24, 2021
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This... Moderate Unreviewed
CVE-2021-45494 was published Dec 27, 2021
Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor... Moderate Unreviewed
CVE-2021-39980 was published Jan 4, 2022
Improper handling of resource allocation in virtual machines can lead to information exposure in... Moderate Unreviewed
CVE-2021-1918 was published Jan 4, 2022
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
SQL Injection in Apache Kylin Moderate
CVE-2021-36774 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when... Moderate Unreviewed
CVE-2021-42749 was published Jan 11, 2022
In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection... Moderate Unreviewed
CVE-2021-42748 was published Jan 11, 2022
The affected product is vulnerable to an improper access control, which may allow an... Moderate Unreviewed
CVE-2021-23173 was published Jan 11, 2022
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability. Moderate Unreviewed
CVE-2022-21964 was published Jan 12, 2022
Windows GDI+ Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21880. Moderate Unreviewed
CVE-2022-21915 was published Jan 12, 2022
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6... Moderate Unreviewed
CVE-2021-29701 was published Jan 12, 2022
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs Moderate
CVE-2022-20620 was published for org.jenkins-ci.plugins:ssh-agent (Maven) Jan 13, 2022
westonsteimel
Lack of validation for third party application accessing the service can lead to information... Moderate Unreviewed
CVE-2021-30314 was published Jan 14, 2022
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751,... Moderate Unreviewed
CVE-2021-42067 was published Jan 15, 2022
In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory... Moderate Unreviewed
CVE-2021-39633 was published Jan 15, 2022
The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any... Moderate Unreviewed
CVE-2021-1037 was published Jan 15, 2022
An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax-details endpoint, with a... Moderate Unreviewed
CVE-2021-44838 was published Jan 19, 2022
In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from... Moderate Unreviewed
CVE-2021-39892 was published Jan 19, 2022
An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the... Moderate Unreviewed
CVE-2021-44837 was published Jan 20, 2022
In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the... Moderate Unreviewed
CVE-2022-22154 was published Jan 20, 2022
An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An attacker can... Moderate Unreviewed
CVE-2022-23856 was published Jan 25, 2022
Insufficient user authorization in Moodle Moderate
CVE-2022-0334 was published for moodle/moodle (Composer) Jan 28, 2022
Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enumeration. An attacker can... Moderate Unreviewed
CVE-2022-24032 was published Jan 31, 2022
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow... Moderate Unreviewed
CVE-2021-24775 was published Feb 2, 2022
ProTip! Advisories are also available from the GraphQL API