Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

132 advisories

Loading
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not... Critical Unreviewed
CVE-2021-24915 was published Nov 30, 2021
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line... Critical Unreviewed
CVE-2021-45015 was published Dec 15, 2021
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an... Critical Unreviewed
CVE-2021-27856 was published Dec 16, 2021
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise... Critical Unreviewed
CVE-2021-36888 was published Dec 16, 2021
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily... Critical Unreviewed
CVE-2020-20944 was published Dec 28, 2021
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro... Critical Unreviewed
CVE-2021-25032 was published Jan 11, 2022
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is... Critical Unreviewed
CVE-2022-0543 was published Feb 19, 2022
There is an improper verification vulnerability in smartphones. Successful exploitation of this... Critical Unreviewed
CVE-2021-22448 was published Feb 26, 2022
Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected... Critical Unreviewed
CVE-2022-24595 was published Mar 19, 2022
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of... Critical Unreviewed
CVE-2021-45878 was published Mar 22, 2022
Hospital Management System v1.0 was discovered to lack an authorization component, allowing... Critical Unreviewed
CVE-2022-26546 was published Apr 1, 2022
Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various... Critical Unreviewed
CVE-2021-43938 was published Apr 30, 2022
Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass Critical Unreviewed
CVE-2013-3960 was published May 5, 2022
An missing authorization vulnerability has been reported to affect QNAP device running Video... Critical Unreviewed
CVE-2021-44055 was published May 6, 2022
An exploitable unsafe default configuration vulnerability exists in the TURN server function of... Critical Unreviewed
CVE-2018-4059 was published May 13, 2022
An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config... Critical Unreviewed
CVE-2019-9002 was published May 13, 2022
FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the... Critical Unreviewed
CVE-2018-16591 was published May 13, 2022
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper... Critical Unreviewed
CVE-2018-18996 was published May 13, 2022
Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P... Critical Unreviewed
CVE-2017-12582 was published May 13, 2022
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an... Critical Unreviewed
CVE-2017-6622 was published May 13, 2022
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center... Critical Unreviewed
CVE-2017-6639 was published May 13, 2022
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without... Critical Unreviewed
CVE-2017-9232 was published May 13, 2022
A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web... Critical Unreviewed
CVE-2018-11541 was published May 13, 2022
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the... Critical Unreviewed
CVE-2018-5377 was published May 13, 2022
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in... Critical Unreviewed
CVE-2018-6000 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API