Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

1,995 advisories

Loading
The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire... High Unreviewed
CVE-2021-43051 was published Dec 15, 2021
In getLine1NumberForDisplay of PhoneInterfaceManager.java, there is apossible way to determine... Low Unreviewed
CVE-2021-1034 was published Dec 16, 2021
An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When... High Unreviewed
CVE-2021-45102 was published Dec 17, 2021
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings... Moderate Unreviewed
CVE-2021-35248 was published Dec 21, 2021
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0... Moderate Unreviewed
CVE-2021-38900 was published Dec 22, 2021
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam... High Unreviewed
CVE-2021-44877 was published Dec 22, 2021
Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. Moderate Unreviewed
CVE-2021-45091 was published Dec 22, 2021
Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. Moderate Unreviewed
CVE-2021-45089 was published Dec 22, 2021
NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does... High Unreviewed
CVE-2021-23175 was published Dec 24, 2021
Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed... High Unreviewed
CVE-2021-38017 was published Dec 24, 2021
Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45... High Unreviewed
CVE-2021-38016 was published Dec 24, 2021
Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664... Moderate Unreviewed
CVE-2021-38020 was published Dec 24, 2021
Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote... Moderate Unreviewed
CVE-2021-38019 was published Dec 24, 2021
PI Vision could disclose information to a user with insufficient privileges for an AF attribute... Unknown Unreviewed
CVE-2021-3090 was published Dec 29, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN... Critical Unreviewed
CVE-2021-20149 was published Dec 31, 2021
Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user... High Unreviewed
CVE-2021-45379 was published Dec 31, 2021
Incorrect authorization vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and... Moderate Unreviewed
CVE-2021-20868 was published Jan 5, 2022
Improper Authorization in Keycloak High
CVE-2021-4133 was published for org.keycloak:keycloak-services (Maven) Jan 6, 2022
Incorrect Authorization in latte/latte Critical
CVE-2021-23803 was published for latte/latte (Composer) Jan 6, 2022
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
An issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file... High Unreviewed
CVE-2021-44586 was published Jan 11, 2022
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app... High Unreviewed
CVE-2022-22288 was published Jan 11, 2022
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to... Low Unreviewed
CVE-2022-22272 was published Jan 11, 2022
Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass. Moderate Unreviewed
CVE-2022-21913 was published Jan 12, 2022
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability. Moderate Unreviewed
CVE-2022-21899 was published Jan 12, 2022
ProTip! Advisories are also available from the GraphQL API