Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

235 advisories

Loading
White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php,... Critical Unreviewed
CVE-2020-20466 was published May 24, 2022
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote... Critical Unreviewed
CVE-2021-3044 was published May 24, 2022
There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product.... Critical Unreviewed
CVE-2021-33346 was published May 24, 2022
Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A... Critical Unreviewed
CVE-2021-35336 was published May 24, 2022
Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021... Critical Unreviewed
CVE-2021-25437 was published May 24, 2022
There is a Permission Control Vulnerability in Huawei Smartphone.Successful exploitation of this... Critical Unreviewed
CVE-2021-22389 was published May 24, 2022
Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an... Critical Unreviewed
CVE-2021-30571 was published May 24, 2022
A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to... Critical Unreviewed
CVE-2020-19301 was published May 24, 2022
Certain NETGEAR devices are affected by lack of access control at the function level. This... Critical Unreviewed
CVE-2021-38516 was published May 24, 2022
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive... Critical Unreviewed
CVE-2020-18701 was published May 24, 2022
ZStack is open source IaaS(infrastructure as a service) software aiming to automate datacenters,... Critical Unreviewed
CVE-2021-32829 was published May 24, 2022
OpenStack Neutron vulnerable to hardware address impersonation Critical
CVE-2021-38598 was published for neutron (pip) May 24, 2022
An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's... Critical Unreviewed
CVE-2021-26040 was published May 24, 2022
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC)... Critical Unreviewed
CVE-2021-1577 was published May 24, 2022
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access... Critical Unreviewed
CVE-2021-37421 was published May 24, 2022
A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a... Critical Unreviewed
CVE-2021-27663 was published May 24, 2022
UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the... Critical Unreviewed
CVE-2020-21124 was published May 24, 2022
Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed... Critical Unreviewed
CVE-2021-35943 was published May 24, 2022
There is a flaw in the code used to configure the internal gateway firewall when the gateway's... Critical Unreviewed
CVE-2020-12030 was published May 24, 2022
ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure. Critical Unreviewed
CVE-2021-41591 was published May 24, 2022
Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure. Critical Unreviewed
CVE-2021-41592 was published May 24, 2022
Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password... Critical Unreviewed
CVE-2021-3833 was published May 24, 2022
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2... Critical Unreviewed
CVE-2021-38454 was published May 24, 2022
Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and... Critical Unreviewed
CVE-2021-41873 was published May 24, 2022
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that... Critical Unreviewed
CVE-2021-3705 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API