Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

369 advisories

Loading
In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible permissions... Moderate Unreviewed
CVE-2020-27097 was published May 24, 2022
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to... Moderate Unreviewed
CVE-2020-5017 was published May 24, 2022
MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can... Moderate Unreviewed
CVE-2021-21494 was published May 24, 2022
The Advanced Access Manager plugin before 6.6.2 for WordPress displays the unfiltered user object... Moderate Unreviewed
CVE-2020-35934 was published May 24, 2022
An issue was discovered on D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55.... Moderate Unreviewed
CVE-2020-24578 was published May 24, 2022
Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier,... Moderate Unreviewed
CVE-2019-11786 was published May 24, 2022
Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and... Moderate Unreviewed
CVE-2019-11783 was published May 24, 2022
Improper access control in message routing in Odoo Community 12.0 and earlier and Odoo Enterprise... Moderate Unreviewed
CVE-2018-15645 was published May 24, 2022
In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in... Moderate Unreviewed
CVE-2020-26175 was published May 24, 2022
In tangro Business Workflow before 1.18.1, a user's profile contains some items that are greyed... Moderate Unreviewed
CVE-2020-26177 was published May 24, 2022
In tangro Business Workflow before 1.18.1, the documentId of attachment uploads to /api/document... Moderate Unreviewed
CVE-2020-26171 was published May 24, 2022
In the Pulsar manager 0.1.0 version, malicious users will be able to bypass pulsar-manager's... Moderate Unreviewed
CVE-2020-17520 was published May 24, 2022
In showProvisioningNotification of ConnectivityService.java, there is an unsafe PendingIntent.... Moderate Unreviewed
CVE-2020-27041 was published May 24, 2022
In createSimSelectNotification of SimSelectNotification.java, there is a possible permission... Moderate Unreviewed
CVE-2020-27034 was published May 24, 2022
Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan... Moderate Unreviewed
CVE-2020-7337 was published May 24, 2022
In BigBlueButton before 2.2.29, a user can vote more than once in a single poll. Moderate Unreviewed
CVE-2020-28953 was published May 24, 2022
Azure Sphere Information Disclosure Vulnerability This CVE ID is unique from CVE-2020-16985. Moderate Unreviewed
CVE-2020-16990 was published May 24, 2022
In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due... Moderate Unreviewed
CVE-2020-0454 was published May 24, 2022
Synology Router Manager (SRM) before 1.2.4-8081 does not include the HTTPOnly flag in a Set... Moderate Unreviewed
CVE-2020-27658 was published May 24, 2022
SolarWinds N-Central version 12.3 GA and lower does not set the JSESSIONID attribute to HTTPOnly.... Moderate Unreviewed
CVE-2020-15910 was published May 24, 2022
In showDataRoamingNotification of NotificationMgr.java, there is a possible permission bypass due... Moderate Unreviewed
CVE-2020-0400 was published May 24, 2022
In updateMwi of NotificationMgr.java, there is a possible permission bypass due to a... Moderate Unreviewed
CVE-2020-0398 was published May 24, 2022
An issue has been discovered in GitLab affecting all versions prior to 13.2.10, 13.3.7 and 13.4.2... Moderate Unreviewed
CVE-2020-13341 was published May 24, 2022
debian/sympa.postinst for the Debian Sympa package before 6.2.40~dfsg-7 uses mode 4755 for... Moderate Unreviewed
CVE-2020-26932 was published May 24, 2022
An issue was discovered in Zoho Application Control Plus before version 10.0.511. The Element... Moderate Unreviewed
CVE-2020-15595 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API