GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
255 advisories
Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation...
Critical, Unreviewed: CVE-2017-7512 was published May 13, 2022

An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics...
Critical, Unreviewed: CVE-2017-9653 was published May 13, 2022

OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization...
Critical, Unreviewed: CVE-2018-1000155 was published May 13, 2022

WebExtensions bundled with embedded experiments were not correctly checked for proper...
Critical, Unreviewed: CVE-2018-12369 was published May 13, 2022

Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to...
Critical, Unreviewed: CVE-2018-13324 was published May 13, 2022

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports...
Critical, Unreviewed: CVE-2018-18815 was published May 13, 2022

In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the...
Critical, Unreviewed: CVE-2018-19515 was published May 13, 2022

An improper authorization vulnerability exists in Schneider Electric's 66074 MGE Network...
Critical, Unreviewed: CVE-2018-7245 was published May 13, 2022

Authorization bypass in Spring Security
Critical: CVE-2022-22978 was published for org.springframework.security:spring-security-core (Maven) May 20, 2022

Sandbox bypass in ontrack Jenkins Plugin
Critical: CVE-2019-10306 was published for org.jenkins-ci.plugins:ontrack (Maven) May 24, 2022

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an...
Critical, Unreviewed: CVE-2019-7304 was published May 24, 2022

A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches...
Critical, Unreviewed: CVE-2019-1912 was published May 24, 2022

On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a...
Critical, Unreviewed: CVE-2019-14237 was published May 24, 2022

On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices,...
Critical, Unreviewed: CVE-2019-14236 was published May 24, 2022

Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin
Critical: CVE-2019-10417 was published for io.fabric8.pipeline:kubernetes-pipeline-steps (Maven) May 24, 2022

Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin
Critical: CVE-2019-10418 was published for io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps (Maven) May 24, 2022

OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access...
Critical, Unreviewed: CVE-2019-15941 was published May 24, 2022

Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
Critical: CVE-2019-10458 was published for org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline (Maven) May 24, 2022

A vulnerability in the authorization controls for the Cisco IOx application hosting...
Critical, Unreviewed: CVE-2020-3227 was published May 24, 2022

An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT...
Critical, Unreviewed: CVE-2020-25283 was published May 24, 2022

An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software...
Critical, Unreviewed: CVE-2020-25282 was published May 24, 2022

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT...
Critical, Unreviewed: CVE-2020-12500 was published May 24, 2022

Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT...
Critical, Unreviewed: CVE-2020-12504 was published May 24, 2022

An elevation of privilege vulnerability exists in the way Azure Functions validate access keys. An...
Critical, Unreviewed: CVE-2020-16904 was published May 24, 2022

The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033...
Critical, Unreviewed: CVE-2016-20005 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.