Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

235 advisories

Loading
The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033... Critical Unreviewed
CVE-2016-20005 was published May 24, 2022
The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE... Critical Unreviewed
CVE-2016-20001 was published May 24, 2022
The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033.... Critical Unreviewed
CVE-2016-20004 was published May 24, 2022
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It... Critical Unreviewed
CVE-2020-35951 was published May 24, 2022
A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an... Critical Unreviewed
CVE-2020-35547 was published May 24, 2022
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this... Critical Unreviewed
CVE-2020-2506 was published May 24, 2022
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this... Critical Unreviewed
CVE-2020-2507 was published May 24, 2022
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control,... Critical Unreviewed
CVE-2020-29165 was published May 24, 2022
An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort()... Critical Unreviewed
CVE-2020-10539 was published May 24, 2022
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to bypass... Critical Unreviewed
CVE-2021-27177 was published May 24, 2022
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the... Critical Unreviewed
CVE-2021-26753 was published May 24, 2022
Mobile application "Testes de Codigo" 11.4 and prior allows an attacker to gain access to the... Critical Unreviewed
CVE-2021-25648 was published May 24, 2022
Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component... Critical Unreviewed
CVE-2019-11684 was published May 24, 2022
WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password. Critical Unreviewed
CVE-2021-3332 was published May 24, 2022
Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret... Critical Unreviewed
CVE-2020-28050 was published May 24, 2022
LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP... Critical Unreviewed
CVE-2021-21484 was published May 24, 2022
Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote... Critical Unreviewed
CVE-2020-24264 was published May 24, 2022
An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation... Critical Unreviewed
CVE-2020-28872 was published May 24, 2022
A ZTE product is impacted by improper access control vulnerability. The attacker could exploit... Critical Unreviewed
CVE-2021-21730 was published May 24, 2022
The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code... Critical Unreviewed
CVE-2021-30503 was published May 24, 2022
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where... Critical Unreviewed
CVE-2021-28793 was published May 24, 2022
Drupal Core Access bypass vulnerability Critical
CVE-2020-13665 was published for drupal/core (Composer) May 24, 2022
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive... Critical Unreviewed
CVE-2021-20538 was published May 24, 2022
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 ... Critical Unreviewed
CVE-2021-28799 was published May 24, 2022
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. Critical Unreviewed
CVE-2021-30192 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API