Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,604 advisories

Loading
The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication... High Unreviewed
CVE-2022-24190 was published Nov 29, 2022
Missing Authorization in Crafter CMS Moderate
CVE-2017-15680 was published for org.craftercms:crafter-core (Maven) May 24, 2022
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/... High Unreviewed
CVE-2020-13422 was published May 24, 2022
An issue was discovered in Emote Remote Mouse through 3.015. Attackers can close any running... Moderate Unreviewed
CVE-2021-27570 was published May 24, 2022
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a... High Unreviewed
CVE-2021-27855 was published Dec 16, 2021
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor High
CVE-2022-36091 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
Improper Authorization in ThinkSAAS v2.7 allows remote attackers to modify the description of any... Moderate Unreviewed
CVE-2020-18741 was published May 24, 2022
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize... Moderate Unreviewed
CVE-2021-27569 was published May 24, 2022
Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the the... High Unreviewed
CVE-2020-20444 was published May 24, 2022
KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper:... High Unreviewed
CVE-2022-40673 was published Sep 15, 2022
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated... High Unreviewed
CVE-2022-26423 was published Oct 21, 2022
Affected versions of Atlassian Confluence Server allow remote attackers to view restricted... Moderate Unreviewed
CVE-2021-26085 was published May 24, 2022
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated... High Unreviewed
CVE-2022-1066 was published Oct 21, 2022
A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could... Critical Unreviewed
CVE-2020-4926 was published May 25, 2022
A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an... Moderate Unreviewed
CVE-2021-1143 was published May 24, 2022
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service... High Unreviewed
CVE-2020-35756 was published May 24, 2022
Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5... Critical Unreviewed
CVE-2020-36239 was published May 24, 2022
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can retrieve recently... Moderate Unreviewed
CVE-2021-27571 was published May 24, 2022
An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7.... Moderate Unreviewed
CVE-2021-22208 was published May 24, 2022
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This... Critical Unreviewed
CVE-2020-25359 was published May 24, 2022
File Deletion vulnerability in Halo 0.4.3 via delBackup. Critical Unreviewed
CVE-2020-19038 was published May 24, 2022
When a user has already allowed a website to access microphone and camera, disabling camera... Moderate Unreviewed
CVE-2021-29959 was published May 24, 2022
The import_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4... High Unreviewed
CVE-2021-24353 was published May 24, 2022
Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically... Low Unreviewed
CVE-2021-25409 was published May 24, 2022
It has been discovered that redhat-certification does not perform an authorization check and it... Critical Unreviewed
CVE-2018-10866 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database