Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,995 advisories

Loading
Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior,... High Unreviewed
CVE-2021-20864 was published Dec 2, 2021
Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior,... Moderate Unreviewed
CVE-2021-20862 was published Dec 2, 2021
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
Permissions not properly checked in Invenio-Drafts-Resources Moderate
CVE-2021-43781 was published for invenio-app-rdm (pip) Dec 6, 2021
lnielsen
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login... High Unreviewed
CVE-2021-24917 was published Dec 7, 2021
There is an Improper access control vulnerability in Huawei Smartphone.Successful exploitation of... High Unreviewed
CVE-2021-37038 was published Dec 8, 2021
An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an... High Unreviewed
CVE-2021-42126 was published Dec 8, 2021
An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an... High Unreviewed
CVE-2021-42124 was published Dec 8, 2021
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to... Critical Unreviewed
CVE-2021-38503 was published Dec 9, 2021
An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3... Moderate Unreviewed
CVE-2021-41013 was published Dec 9, 2021
An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an... High Unreviewed
CVE-2021-42758 was published Dec 9, 2021
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin... Critical Unreviewed
CVE-2021-43703 was published Dec 10, 2021
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5... High Unreviewed
CVE-2021-29678 was published Dec 10, 2021
An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6... Moderate Unreviewed
CVE-2021-36167 was published Dec 10, 2021
HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has... High Unreviewed
CVE-2021-41805 was published Dec 13, 2021
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the... Critical Unreviewed
CVE-2021-39052 was published Dec 14, 2021
Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before... Moderate Unreviewed
CVE-2021-39945 was published Dec 14, 2021
Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6,... Moderate Unreviewed
CVE-2021-39936 was published Dec 14, 2021
Improper access control allows any project member to retrieve the service desk email address in... Moderate Unreviewed
CVE-2021-39934 was published Dec 14, 2021
Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4,... Moderate Unreviewed
CVE-2021-39930 was published Dec 14, 2021
Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all... Moderate Unreviewed
CVE-2021-39918 was published Dec 14, 2021
A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows... Moderate Unreviewed
CVE-2021-36169 was published Dec 14, 2021
The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as... Moderate Unreviewed
CVE-2021-24872 was published Dec 14, 2021
The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation... Moderate Unreviewed
CVE-2021-24836 was published Dec 14, 2021
The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation... Moderate Unreviewed
CVE-2021-24819 was published Dec 14, 2021
ProTip! Advisories are also available from the GraphQL API