Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,233
Erlang
31
GitHub Actions
20
Go
1,992
Maven
5,000+
npm
3,709
NuGet
661
pip
3,346
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

560 advisories

Loading
Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor... Moderate Unreviewed
CVE-2021-39980 was published Jan 4, 2022
Improper handling of resource allocation in virtual machines can lead to information exposure in... Moderate Unreviewed
CVE-2021-1918 was published Jan 4, 2022
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
SQL Injection in Apache Kylin Moderate
CVE-2021-36774 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when... Moderate Unreviewed
CVE-2021-42749 was published Jan 11, 2022
In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection... Moderate Unreviewed
CVE-2021-42748 was published Jan 11, 2022
The affected product is vulnerable to an improper access control, which may allow an... Moderate Unreviewed
CVE-2021-23173 was published Jan 11, 2022
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability. Moderate Unreviewed
CVE-2022-21964 was published Jan 12, 2022
Windows GDI+ Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21880. Moderate Unreviewed
CVE-2022-21915 was published Jan 12, 2022
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6... Moderate Unreviewed
CVE-2021-29701 was published Jan 12, 2022
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs Moderate
CVE-2022-20620 was published for org.jenkins-ci.plugins:ssh-agent (Maven) Jan 13, 2022
westonsteimel
Lack of validation for third party application accessing the service can lead to information... Moderate Unreviewed
CVE-2021-30314 was published Jan 14, 2022
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751,... Moderate Unreviewed
CVE-2021-42067 was published Jan 15, 2022
In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory... Moderate Unreviewed
CVE-2021-39633 was published Jan 15, 2022
The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any... Moderate Unreviewed
CVE-2021-1037 was published Jan 15, 2022
An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax-details endpoint, with a... Moderate Unreviewed
CVE-2021-44838 was published Jan 19, 2022
In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from... Moderate Unreviewed
CVE-2021-39892 was published Jan 19, 2022
An issue was discovered in Delta RM 1.2. It is possible for an unprivileged user to access the... Moderate Unreviewed
CVE-2021-44837 was published Jan 20, 2022
In a Junos Fusion scenario an External Control of Critical State Data vulnerability in the... Moderate Unreviewed
CVE-2022-22154 was published Jan 20, 2022
An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. An attacker can... Moderate Unreviewed
CVE-2022-23856 was published Jan 25, 2022
Insufficient user authorization in Moodle Moderate
CVE-2022-0334 was published for moodle/moodle (Composer) Jan 28, 2022
Adenza AxiomSL ControllerView through 10.8.1 is vulnerable to user enumeration. An attacker can... Moderate Unreviewed
CVE-2022-24032 was published Jan 31, 2022
The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could... Moderate Unreviewed
CVE-2021-24868 was published Feb 2, 2022
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow... Moderate Unreviewed
CVE-2021-24775 was published Feb 2, 2022
UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0... Moderate Unreviewed
CVE-2021-44746 was published Feb 8, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database