GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
30
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,683
NuGet
650
pip
3,299
Pub
11
RubyGems
878
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
795 advisories
Filter by severity
Cobbler before 3.3.0 allows authorization bypass for modification of settings.
High
CVE-2021-40325
was published
for
cobbler
(pip)
Oct 5, 2021
BuddyPress privilege escalation via REST API
High
CVE-2021-21389
was published
for
buddypress/buddypress
(Composer)
Oct 6, 2021
Incorrect Privilege Assignment in HashiCorp Vault
High
CVE-2021-42135
was published
for
github.com/hashicorp/vault
(Go)
Oct 12, 2021
Communities and collections administrators can escalate their privilege up to system administrator
High
CVE-2021-41189
was published
for
org.dspace:dspace-api
(Maven)
Nov 1, 2021
Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R)...
High
Unreviewed
CVE-2021-33118
was published
Nov 18, 2021
Insufficient security control vulnerability in internal database access mechanism of Hitachi...
High
Unreviewed
CVE-2021-35534
was published
Nov 19, 2021
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens
High
CVE-2021-39236
was published
for
org.apache.hadoop:hadoop-ozone-ozone-manager
(Maven)
Nov 23, 2021
Incorrect Authorization in Apache Ozone
High
CVE-2021-39232
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari ...
High
Unreviewed
CVE-2021-20835
was published
Nov 25, 2021
Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control...
High
Unreviewed
CVE-2021-43771
was published
Dec 1, 2021
Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior,...
High
Unreviewed
CVE-2021-20864
was published
Dec 2, 2021
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login...
High
Unreviewed
CVE-2021-24917
was published
Dec 7, 2021
There is an Improper access control vulnerability in Huawei Smartphone.Successful exploitation of...
High
Unreviewed
CVE-2021-37038
was published
Dec 8, 2021
An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an...
High
Unreviewed
CVE-2021-42126
was published
Dec 8, 2021
An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an...
High
Unreviewed
CVE-2021-42124
was published
Dec 8, 2021
An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an...
High
Unreviewed
CVE-2021-42758
was published
Dec 9, 2021
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5...
High
Unreviewed
CVE-2021-29678
was published
Dec 10, 2021
HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has...
High
Unreviewed
CVE-2021-41805
was published
Dec 13, 2021
The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire...
High
Unreviewed
CVE-2021-43051
was published
Dec 15, 2021
An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When...
High
Unreviewed
CVE-2021-45102
was published
Dec 17, 2021
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam...
High
Unreviewed
CVE-2021-44877
was published
Dec 22, 2021
NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does...
High
Unreviewed
CVE-2021-23175
was published
Dec 24, 2021
Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed...
High
Unreviewed
CVE-2021-38017
was published
Dec 24, 2021
Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45...
High
Unreviewed
CVE-2021-38016
was published
Dec 24, 2021
Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user...
High
Unreviewed
CVE-2021-45379
was published
Dec 31, 2021
ProTip!
Advisories are also available from the
GraphQL API