Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,247
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

288 advisories

Loading
user-readable api tokens in systemd units for JupyterHub High
CVE-2020-26261 was published for jupyterhub-systemdspawner (pip) Dec 9, 2020
quentinmit
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted... High Unreviewed
CVE-2021-20050 was published Dec 24, 2021
There is an unauthorized access vulnerability in system components. Successful exploitation of... High Unreviewed
CVE-2021-40051 was published Mar 11, 2022
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up... High Unreviewed
CVE-2022-0815 was published Mar 12, 2022
OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure High
CVE-2021-31407 was published for com.vaadin:flow-server (Maven) Apr 19, 2021
Elvish vulnerable to remote code execution via the web UI backend High
CVE-2021-41088 was published for github.com/elves/elvish (Go) Sep 23, 2021
An information disclosure issue was addressed with improved state management. This issue is fixed... High Unreviewed
CVE-2022-22579 was published Mar 19, 2022
Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin... High Unreviewed
CVE-2022-26267 was published Mar 20, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control. High Unreviewed
CVE-2022-23345 was published Mar 22, 2022
Use of insecure temporary file in Horovod High
CVE-2022-0315 was published for horovod (pip) Mar 29, 2022
JamieSlome ashahab
IBM SterlingPartner Engagement Manager 6.2.0 could allow a remote authenticated attacker to... High Unreviewed
CVE-2022-22331 was published Apr 2, 2022
A remote, unauthenticated attacker could utilize the control programmer of the CODESYS Control... High Unreviewed
CVE-2022-22515 was published Apr 8, 2022
Improper access control while doing XPU re-configuration dynamically can lead to unauthorized... High Unreviewed
CVE-2021-30276 was published Jan 4, 2022
MyHuawei-App has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability... High Unreviewed
CVE-2021-39972 was published Jan 4, 2022
BeyondTrust AppGuard Enterprise through 6.6.20.2 creates a Temporary File in a Directory with... High Unreviewed
CVE-2021-42255 was published Apr 13, 2022
Dell PowerScale OneFS 8.2.2 and above contain an elevation of privilege vulnerability. A local... High Unreviewed
CVE-2022-24411 was published Apr 13, 2022
A PHP Local File Inclusion vulneraility in the default Redbasic theme for Hubzilla before version... High Unreviewed
CVE-2022-27257 was published Apr 16, 2022
Verizon LVSKIHP 5G outside devices through 2022-02-15 allow anyone (knowing the device's serial... High Unreviewed
CVE-2022-28376 was published Apr 4, 2022
In startIpClient of ClientModeImpl.java, there is a possible identifier which could be used to... High Unreviewed
CVE-2021-0466 was published May 24, 2022
Istio before 1.9.6 and 1.10.x before 1.10.2 has Incorrect Access Control. High Unreviewed
CVE-2021-34824 was published May 24, 2022
Exposure of Resource to Wrong Sphere in Spring Cloud OpenFeign High
CVE-2021-22044 was published for org.springframework.cloud:spring-cloud-openfeign-core (Maven) May 24, 2022
muc.lib.lua in Prosody 0.11.0 through 0.11.9 allows remote attackers to obtain sensitive... High Unreviewed
CVE-2021-37601 was published May 24, 2022
In cPanel before 96.0.13, scripts/fix-cpanel-perl mishandles the creation of temporary files (SEC... High Unreviewed
CVE-2021-38587 was published May 24, 2022
Exim 4 before 4.94.2 allows Exposure of File Descriptor to Unintended Control Sphere because... High Unreviewed
CVE-2020-28012 was published May 24, 2022
An information disclosure vulnerability in GitLab EE versions 13.11 and later allowed a project... High Unreviewed
CVE-2021-22215 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API