Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

981 advisories

Loading
Validation Bypass in schema-inspector Critical
CVE-2019-10781 was published for schema-inspector (npm) Jun 10, 2020
Context isolation bypass in Electron Low
CVE-2020-15215 was published for electron (npm) Oct 6, 2020
nornagon MarshallOfSound
user-readable api tokens in systemd units for JupyterHub High
CVE-2020-26261 was published for jupyterhub-systemdspawner (pip) Dec 9, 2020
quentinmit
After order payment process manipulation in shopware/platform and shopware/core Critical
GHSA-88rc-3p98-rgvx was published for shopware/core (Composer) Apr 13, 2021
Leak of information via Store-API aggregations in shopware/platform and shopware/core Critical
GHSA-qg7c-q3vq-rgxr was published for shopware/core (Composer) Apr 13, 2021
Java Merge-sort Insecure Temporary File vulnerability Moderate
CVE-2022-24913 was published for com.fasterxml.util:java-merge-sort (Maven) Jan 12, 2023
Apache Superset has Improper Access Control Moderate
CVE-2022-45438 was published for apache-superset (pip) Jan 16, 2023
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted... High Unreviewed
CVE-2021-20050 was published Dec 24, 2021
There is an unauthorized access vulnerability in system components. Successful exploitation of... High Unreviewed
CVE-2021-40051 was published Mar 11, 2022
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially... Moderate Unreviewed
CVE-2021-26341 was published Mar 12, 2022
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up... High Unreviewed
CVE-2022-0815 was published Mar 12, 2022
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and... Moderate Unreviewed
CVE-2020-4989 was published Mar 16, 2022
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed... Moderate Unreviewed
CVE-2021-43955 was published Mar 17, 2022
In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log... Moderate Unreviewed
CVE-2021-39715 was published Mar 17, 2022
OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure High
CVE-2021-31407 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
Elvish vulnerable to remote code execution via the web UI backend High
CVE-2021-41088 was published for github.com/elves/elvish (Go) Sep 23, 2021
An information disclosure issue was addressed with improved state management. This issue is fixed... High Unreviewed
CVE-2022-22579 was published Mar 19, 2022
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A... Moderate Unreviewed
CVE-2022-22622 was published Mar 19, 2022
An issue with app access to camera metadata was addressed with improved logic. This issue is... Low Unreviewed
CVE-2022-22598 was published Mar 19, 2022
The GSMA authentication panel could be presented on the lock screen. The issue was resolved by... Moderate Unreviewed
CVE-2022-22652 was published Mar 19, 2022
Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin... High Unreviewed
CVE-2022-26267 was published Mar 20, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. High Unreviewed
CVE-2022-23345 was published Mar 22, 2022
A permissions issue was addressed with improved validation. This issue is fixed in Security... Moderate Unreviewed
CVE-2022-22583 was published Mar 19, 2022
OpenEMR v6.0.0 was discovered to contain an incorrect access control issue. Moderate Unreviewed
CVE-2022-25041 was published Mar 25, 2022
GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the... Moderate Unreviewed
CVE-2021-27424 was published Mar 24, 2022
ProTip! Advisories are also available from the GraphQL API