GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,419 advisories
IBM PowerVM Hypervisor FW940 and FW950 could allow an attacker to obtain sensitive information if...
High | Unreviewed | CVE-2021-29765 was published May 24, 2022

XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
High | CVE-2022-36093 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022

In sendBugreportNotification of BugreportProgressService.java, there is a possible permission...
High | Unreviewed | CVE-2021-0570 was published May 24, 2022

Improper Access Control in GitHub repository zulip/zulip prior to 4.10.
High | Unreviewed | CVE-2021-3967 was published Feb 28, 2022

SFTPGo vulnerable to recovery codes abuse
High | CVE-2022-36071 was published for github.com/drakkan/sftpgo/v2 (Go) Sep 16, 2022

On all 7.x and 6.x versions (fixed in 8.0.0), BIG-IQ HA ElasticSearch service does not implement...
High | Unreviewed | CVE-2021-22997 was published May 24, 2022

Multiple vulnerabilities in Cisco Intersight Virtual Appliance could allow an unauthenticated,...
High | Unreviewed | CVE-2021-1600 was published May 24, 2022

Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control...
High | Unreviewed | CVE-2020-36125 was published May 24, 2022

NVIDIA Linux kernel distributions contain a vulnerability in nvmap NVMAP_IOC_WRITE* paths, where...
High | Unreviewed | CVE-2021-1107 was published May 24, 2022

A CWE-287: Improper Authentication vulnerability exists that could allow an attacker to take over...
High | Unreviewed | CVE-2022-30238 was published Jun 3, 2022

A denial-of-service attack in WPA2, and WPA3-SAE authentication methods in D-Link DIR-X1560, v1...
High | Unreviewed | CVE-2021-41753 was published May 24, 2022

Galatolo WebManager 1.3a allows remote attackers to bypass authentication and gain administrative...
High | Unreviewed | CVE-2008-6300 was published May 17, 2022

Agentflow BPM enterprise management system has improper authentication. A remote attacker with...
High | Unreviewed | CVE-2022-39038 was published Nov 10, 2022

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC)...
High | Unreviewed | CVE-2021-1579 was published May 24, 2022

An issue was discovered on Compro IP70 2.08_7130218, IP570 2.08_7130520, IP60, and TN540 devices....
High | Unreviewed | CVE-2021-40380 was published May 24, 2022

userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to...
High | Unreviewed | CVE-2008-7081 was published May 17, 2022

A DCOM object in Helppane.exe in Microsoft Windows 7 SP1; Windows Server 2008 R2; Windows 8.1;...
High | Unreviewed | CVE-2017-0100 was published May 17, 2022

Unspecified vulnerability in YourPlace before 1.0.1 has unknown impact and attack vectors,...
High | Unreviewed | CVE-2008-6445 was published May 17, 2022

Impala sessions use a 16 byte secret to verify that the session is not being hijacked by another...
High | Unreviewed | CVE-2021-28131 was published May 24, 2022

Barco Control Room Management Suite web application, which is part of TransForm N before 3.14, is...
High | Unreviewed | CVE-2022-26975 was published Jun 3, 2022

Corero SecureWatch Managed Services 9.7.2.0020 does not correctly check swa-monitor and cns...
High | Unreviewed | CVE-2021-38137 was published May 24, 2022

In GFOS Workforce Management 4.8.272.1, the login page of application is prone to authentication...
High | Unreviewed | CVE-2021-38618 was published May 24, 2022

Owl Labs Meeting Owl 5.2.0.15 does not require a password for Bluetooth commands, because only...
High | Unreviewed | CVE-2022-31463 was published Jun 3, 2022

Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers...
High | Unreviewed | CVE-2022-30749 was published Jun 8, 2022

Nukeviet 2.0 Beta allows remote attackers to bypass authentication and gain administrative access...
High | Unreviewed | CVE-2008-5945 was published May 17, 2022

ProTip! Advisories are also available from the GraphQL API.