Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

201 advisories

Loading
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API High
CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022
sunSUNQ
XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference High
CVE-2022-31167 was published for org.xwiki.platform:xwiki-platform-security (Maven) Sep 20, 2022
XWiki Platform Improper Authorization check for inactive users High
CVE-2022-36090 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 16, 2022
Netmaker vulnerable to Insufficient Granularity of Access Control High
CVE-2022-36110 was published for github.com/gravitl/netmaker (Go) Sep 15, 2022
Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy... High Unreviewed
CVE-2022-29490 was published Sep 13, 2022
Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8. High Unreviewed
CVE-2022-2901 was published Sep 7, 2022
Magento Improper Authorization vulnerability High
CVE-2022-34256 was published for magento/community-edition (Composer) Aug 17, 2022
Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged... High Unreviewed
CVE-2022-2661 was published Aug 17, 2022
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it... High Unreviewed
CVE-2022-31609 was published Aug 6, 2022
A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0.... High Unreviewed
CVE-2022-2019 was published Jun 10, 2022
Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications... High Unreviewed
CVE-2022-30717 was published Jun 8, 2022
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access... High Unreviewed
CVE-2022-30746 was published Jun 8, 2022
Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization... High Unreviewed
CVE-2022-26857 was published May 27, 2022
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control.... High Unreviewed
CVE-2021-42330 was published May 24, 2022
The management page of the Orca HCM digital learning platform does not perform identity... High Unreviewed
CVE-2021-35964 was published May 24, 2022
SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary... High Unreviewed
CVE-2021-40502 was published May 24, 2022
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and... High Unreviewed
CVE-2021-39341 was published May 24, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self... High Unreviewed
CVE-2021-38486 was published May 24, 2022
Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable... High Unreviewed
CVE-2021-39317 was published May 24, 2022
TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the... High Unreviewed
CVE-2021-41975 was published May 24, 2022
The wp_ajax_upload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34... High Unreviewed
CVE-2021-24311 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP... High Unreviewed
CVE-2021-24188 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24192 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24190 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24195 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database