Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

751 advisories

Loading
Duplicate Advisory: Incorrect Access Control in github.com/nats-io/jwt and github.com/nats-io/nats-server/v2 High
GHSA-9r5x-fjv3-q6h4 was published for github.com/nats-io/jwt (Go) Feb 15, 2022 withdrawn
Reject unauthorized access with GitHub PATs High
CVE-2021-21432 was published for github.com/go-vela/server (Go) Feb 15, 2022
JordanSussman
Improper Access Control in librenms High
CVE-2022-0580 was published for librenms/librenms (Composer) Feb 16, 2022
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests... High Unreviewed
CVE-2021-3560 was published Feb 17, 2022
VMware ESXi contains an unauthorized access vulnerability due to VMX having access to settingsd... High Unreviewed
CVE-2021-22042 was published Feb 17, 2022
Multiple flaws were found in the way samba AD DC implemented access and conformance checking of... High Unreviewed
CVE-2020-25722 was published Feb 19, 2022
Incorrect Authorization in runc High
CVE-2019-16884 was published for github.com/opencontainers/runc (Go) Feb 22, 2022
The backend infrastructure shared by multiple mobile device monitoring services does not... High Unreviewed
CVE-2022-0732 was published Feb 25, 2022
An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon... High Unreviewed
CVE-2019-25058 was published Feb 25, 2022
A improper handling of insufficient permissions or privileges in Fortinet FortiAnalyzer version 5... High Unreviewed
CVE-2022-22300 was published Mar 2, 2022
Improper Authorization in GitHub repository webmin/webmin prior to 1.990. High Unreviewed
CVE-2022-0829 was published Mar 3, 2022
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990. High Unreviewed
CVE-2022-0824 was published Mar 3, 2022
Incorrect Authorization in @uppy/companion High
CVE-2022-0528 was published for @uppy/companion (npm) Mar 4, 2022
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote... High Unreviewed
CVE-2022-25214 was published Mar 11, 2022
Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022... High Unreviewed
CVE-2022-24931 was published Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the "... High Unreviewed
CVE-2021-42855 was published Mar 11, 2022
Improper Authorization in cobbler High
CVE-2022-0860 was published for cobbler (pip) Mar 11, 2022
ysf
Duplicate Advisory: Improper Authorization in Gogs High
GHSA-65f3-3278-7m65 was published for gogs.io/gogs (Go) Mar 12, 2022 withdrawn
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a... High Unreviewed
CVE-2021-41850 was published Mar 13, 2022
Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension... High Unreviewed
CVE-2022-24128 was published Mar 14, 2022
Improper Authorization in org.cometd.oort High
CVE-2022-24721 was published for org.cometd.java:cometd-java-oort (Maven) Mar 15, 2022
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed... High Unreviewed
CVE-2022-25364 was published Mar 18, 2022
Information Exposure in Apache Tapestry High
CVE-2021-30638 was published for org.apache.tapestry:tapestry-core (Maven) Mar 18, 2022
This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and... High Unreviewed
CVE-2022-22618 was published Mar 19, 2022
The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF... High Unreviewed
CVE-2021-24905 was published Mar 22, 2022
ProTip! Advisories are also available from the GraphQL API