Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

90 advisories

Loading
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions,... Critical Unreviewed
CVE-2020-13421 was published May 24, 2022
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the... Critical Unreviewed
CVE-2021-41974 was published May 24, 2022
HashiCorp Vault Incorrect Permission Assignment for Critical Resource Critical
CVE-2021-43998 was published for github.com/hashicorp/vault (Go) Dec 2, 2021
A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an... Critical Unreviewed
CVE-2021-39409 was published Jun 25, 2022
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete... Critical Unreviewed
CVE-2021-22648 was published Jul 29, 2022
OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected... Critical Unreviewed
CVE-2020-11831 was published May 24, 2022
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is... Critical Unreviewed
CVE-2020-16259 was published May 24, 2022
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made... Critical Unreviewed
CVE-2020-35949 was published May 24, 2022
In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin... Critical Unreviewed
CVE-2020-35339 was published May 24, 2022
An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable... Critical Unreviewed
CVE-2021-22566 was published Jan 19, 2022
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to... Critical Unreviewed
CVE-2021-22850 was published May 24, 2022
Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= 12.5.1001.5 in DATEV programs v14... Critical Unreviewed
CVE-2021-41428 was published May 24, 2022
A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to... Critical Unreviewed
CVE-2022-2185 was published Jul 2, 2022
Apache Cassandra vulnerable to Code Injection due to unsafe configuration Critical
CVE-2021-44521 was published for org.apache.cassandra:cassandra-all (Maven) Feb 12, 2022
In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is... Critical Unreviewed
CVE-2021-41589 was published May 24, 2022
Incorrect Permission Assignment for Critical Resource in ShopXO Critical
CVE-2022-28056 was published for shopxo/shopxo (Composer) May 3, 2022
Koji hub call does not perform correct access checks Critical
CVE-2018-1002150 was published for koji (pip) Jul 12, 2018
In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities... Critical Unreviewed
CVE-2017-12816 was published May 13, 2022
postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog... Critical Unreviewed
CVE-2018-1115 was published May 13, 2022
An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on... Critical Unreviewed
CVE-2018-11240 was published May 13, 2022
Incorrect Permission Assignment for Critical Resource in Plone Critical
CVE-2021-33509 was published for Plone (pip) Jun 15, 2021
Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbH’s TopEase®... Critical Unreviewed
CVE-2021-42115 was published Dec 1, 2021
KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer... Critical Unreviewed
CVE-2017-9602 was published May 13, 2022
This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable... Critical Unreviewed
CVE-2018-1164 was published May 13, 2022
A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted... Critical Unreviewed
CVE-2018-15379 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API