Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

369 advisories

Loading
A vulnerability was found in logrotate in how the state file is created. The state file is used... Moderate Unreviewed
CVE-2022-1348 was published May 26, 2022
An exploitable shared memory permissions vulnerability exists in the functionality of X11 Mesa 3D... Moderate Unreviewed
CVE-2019-5068 was published May 24, 2022
An issue was discovered in 3S-Smart CODESYS V3 through 3.5.12.30. A user with low privileges can... Moderate Unreviewed
CVE-2019-9008 was published May 24, 2022
IBM Planning Analytics 2.0 could allow a remote attacker to obtain sensitive information, caused... Moderate Unreviewed
CVE-2021-20526 was published May 24, 2022
An Incorrect Permission Assignment for Critical Resource vulnerability of a certain file in the... Moderate Unreviewed
CVE-2021-31377 was published May 24, 2022
Agents are able to lock the ticket without the "Owner" permission. Once the ticket is locked, it... Moderate Unreviewed
CVE-2021-36097 was published May 24, 2022
In all versions of GitLab EE since version 14.1, due to an insecure direct object reference... Moderate Unreviewed
CVE-2021-39889 was published May 24, 2022
In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious... Moderate Unreviewed
CVE-2021-39868 was published May 24, 2022
emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php. Moderate Unreviewed
CVE-2020-21014 was published May 24, 2022
The access controls on the Mobility read-only API improperly validate user access permissions.... Moderate Unreviewed
CVE-2021-40066 was published May 24, 2022
An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily... Moderate Unreviewed
CVE-2020-18127 was published May 24, 2022
Dell EMC PowerScale OneFS versions 8.2.x - 9.2.x contain an incorrect permission assignment for... Moderate Unreviewed
CVE-2021-36280 was published May 24, 2022
In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584). Moderate Unreviewed
CVE-2021-38590 was published May 24, 2022
In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by... Moderate Unreviewed
CVE-2017-16631 was published May 24, 2022
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0... Moderate Unreviewed
CVE-2021-29711 was published May 24, 2022
Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager... Moderate Unreviewed
CVE-2021-32526 was published May 24, 2022
An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups... Moderate Unreviewed
CVE-2021-36129 was published May 24, 2022
The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain... Moderate Unreviewed
CVE-2021-29951 was published May 24, 2022
Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows... Moderate Unreviewed
CVE-2021-25393 was published May 24, 2022
Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify... Moderate Unreviewed
CVE-2021-31929 was published May 24, 2022
Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and... Moderate Unreviewed
CVE-2020-15385 was published May 24, 2022
A flaw was found in Red Hat Satellite, which allows a privileged attacker to read OMAPI secrets... Moderate Unreviewed
CVE-2020-14335 was published May 24, 2022
The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf... Moderate Unreviewed
CVE-2021-23021 was published May 24, 2022
InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to... Moderate Unreviewed
CVE-2021-33586 was published May 24, 2022
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due... Moderate Unreviewed
CVE-2021-20429 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API