Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+

662 advisories

Loading
Unauthenticated Access Via OAI-PMH High
CVE-2020-5228 was published for org.opencastproject:opencast-oaipmh-api (Maven) Jan 30, 2020
Controller reconciles apps outside configured namespaces when sharding is enabled High
CVE-2023-22736 was published for github.com/argoproj/argo-cd (Go) Jan 25, 2023
czchen crenshaw-dev
idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the... High Unreviewed
CVE-2022-27333 was published Mar 23, 2022
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid... High Unreviewed
CVE-2021-3814 was published Mar 26, 2022
Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access... High Unreviewed
CVE-2022-27658 was published Mar 29, 2022
In Settings, there is a possible way to add an auto-connect WiFi network without the user's... High Unreviewed
CVE-2021-39768 was published Mar 31, 2022
In WindowManager, there is a possible way to start a foreground activity from the background due... High Unreviewed
CVE-2021-39758 was published Mar 31, 2022
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require... High Unreviewed
CVE-2021-34543 was published Dec 8, 2021
An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk... High Unreviewed
CVE-2020-23349 was published Apr 6, 2022
The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib... High Unreviewed
CVE-2021-24906 was published Jan 25, 2022
An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver... High Unreviewed
CVE-2022-27669 was published Apr 13, 2022
Insecure plugin handling in Mattermost High
CVE-2022-1384 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 20, 2022
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote... High Unreviewed
CVE-2021-1506 was published May 24, 2022
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5... High Unreviewed
CVE-2006-4483 was published May 1, 2022
Missing Authorization in Apache ZooKeeper High
CVE-2018-8012 was published for org.apache.zookeeper:zookeeper (Maven) May 13, 2022
A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice... High Unreviewed
CVE-2021-26733 was published Oct 24, 2022
The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication... High Unreviewed
CVE-2022-24190 was published Nov 29, 2022
OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/... High Unreviewed
CVE-2020-13422 was published May 24, 2022
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a... High Unreviewed
CVE-2021-27855 was published Dec 16, 2021
XWiki Platform Web Templates vulnerable to Missing Authorization, Exposure of Private Personal Information to Unauthorized Actor High
CVE-2022-36091 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
Jact OpenClinic 0.8.20160412 allows the attacker to read server files after login to the the... High Unreviewed
CVE-2020-20444 was published May 24, 2022
KDiskMark before 3.1.0 lacks authorization checking for D-Bus methods such as Helper:... High Unreviewed
CVE-2022-40673 was published Sep 15, 2022
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated... High Unreviewed
CVE-2022-26423 was published Oct 21, 2022
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated... High Unreviewed
CVE-2022-1066 was published Oct 21, 2022
An issue was discovered on Libre Wireless LS9 LS1.5/p7040 devices. There is a luci_service... High Unreviewed
CVE-2020-35756 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database