GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
369 advisories
In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible permissions...
Moderate
Unreviewed
CVE-2020-27097 was published May 24, 2022
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to...
Moderate
Unreviewed
CVE-2020-5017 was published May 24, 2022
MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can...
Moderate
Unreviewed
CVE-2021-21494 was published May 24, 2022
The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object...
Moderate
Unreviewed
CVE-2020-35934 was published May 24, 2022
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55....
Moderate
Unreviewed
CVE-2020-24578 was published May 24, 2022
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier,...
Moderate
Unreviewed
CVE-2019-11786 was published May 24, 2022
Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and...
Moderate
Unreviewed
CVE-2019-11783 was published May 24, 2022
Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise...
Moderate
Unreviewed
CVE-2018-15645 was published May 24, 2022
In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in...
Moderate
Unreviewed
CVE-2020-26175 was published May 24, 2022
In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed...
Moderate
Unreviewed
CVE-2020-26177 was published May 24, 2022
In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document...
Moderate
Unreviewed
CVE-2020-26171 was published May 24, 2022
In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's...
Moderate
Unreviewed
CVE-2020-17520 was published May 24, 2022
In showProvisioningNotification of ConnectivityService.java, there is an unsafe PendingIntent....
Moderate
Unreviewed
CVE-2020-27041 was published May 24, 2022
In createSimSelectNotification of SimSelectNotification.java, there is a possible permission...
Moderate
Unreviewed
CVE-2020-27034 was published May 24, 2022
Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan...
Moderate
Unreviewed
CVE-2020-7337 was published May 24, 2022
In BigBlueButton before 2.2.29, a user can vote more than once in a single poll.
Moderate
Unreviewed
CVE-2020-28953 was published May 24, 2022
Azure Sphere Information Disclosure Vulnerability. This CVE ID is unique from CVE-2020-16985.
Moderate
Unreviewed
CVE-2020-16990 was published May 24, 2022
In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due...
Moderate
Unreviewed
CVE-2020-0454 was published May 24, 2022
Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set...
Moderate
Unreviewed
CVE-2020-27658 was published May 24, 2022
SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly....
Moderate
Unreviewed
CVE-2020-15910 was published May 24, 2022
In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due...
Moderate
Unreviewed
CVE-2020-0400 was published May 24, 2022
In updateMwi of NotificationMgr.java, there is a possible permission bypass due to a...
Moderate
Unreviewed
CVE-2020-0398 was published May 24, 2022
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2...
Moderate
Unreviewed
CVE-2020-13341 was published May 24, 2022
debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for...
Moderate
Unreviewed
CVE-2020-26932 was published May 24, 2022
An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element...
Moderate
Unreviewed
CVE-2020-15595 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.