GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
437 advisories
In BigBlueButton before 2.2.29, a user can vote more than once in a single poll.
Moderate | Unreviewed | CVE-2020-28953 was published May 24, 2022

HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide...
Moderate | Unreviewed | CVE-2019-18255 was published May 24, 2022

In checkGrantUriPermission of UriGrantsManagerService.java, there is a possible permissions...
Moderate | Unreviewed | CVE-2020-27097 was published May 24, 2022

Incorrect Permission Assignment for Critical Resource vulnerability in McAfee VirusScan...
Moderate | Unreviewed | CVE-2020-7337 was published May 24, 2022

Zulip Desktop before 5.0.0 allows attackers to perform recording via the webcam and microphone...
Moderate | Unreviewed | CVE-2020-10858 was published May 24, 2022

Dell EMC PowerScale OneFS versions 8.1.0-9.1.0 contain a Backup/Restore Privilege implementation...
Moderate | Unreviewed | CVE-2020-26196 was published May 24, 2022

In tangro Business Workflow before 1.18.1, an attacker can manipulate the value of PERSON in...
Moderate | Unreviewed | CVE-2020-26175 was published May 24, 2022

HMI/SCADA iFIX (Versions 6.1 and prior) allows a local authenticated user to modify system-wide...
Moderate | Unreviewed | CVE-2019-18243 was published May 24, 2022

In webERP 4.15, the ManualContents.php file allows users to specify the "Language" parameter,...
Moderate | Unreviewed | CVE-2020-22474 was published May 24, 2022

An issue was discovered in channels/chan_sip.c in Sangoma Asterisk through 13.29.1, through 16.6...
Moderate | Unreviewed | CVE-2019-18351 was published May 24, 2022

MK-AUTH through 19.01 K4.9 allows XSS via the admin/logs_ajax.php tipo parameter. An attacker can...
Moderate | Unreviewed | CVE-2021-21494 was published May 24, 2022

An insecure file permissions vulnerability in Trend Micro Apex One, Apex One as a Service and...
Moderate | Unreviewed | CVE-2021-28646 was published May 24, 2022

Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows...
Moderate | Unreviewed | CVE-2021-25393 was published May 24, 2022

Generated Code Contains Local Information Disclosure Vulnerability
Moderate | CVE-2021-21364 was published for io.swagger:swagger-codegen (Maven) Mar 11, 2021

Cyrus IMAP before 3.2.7, and 3.3.x and 3.4.x before 3.4.1, allows remote authenticated users to...
Moderate | Unreviewed | CVE-2021-32056 was published May 24, 2022

In multiple managed switches by WAGO in different versions special crafted requests can lead to...
Moderate | Unreviewed | CVE-2021-20996 was published May 24, 2022

InspIRCd 3.8.0 through 3.9.x before 3.10.0 allows any user (able to connect to the server) to...
Moderate | Unreviewed | CVE-2021-33586 was published May 24, 2022

The Nginx Controller 3.x before 3.7.0 agent configuration file /etc/controller-agent/agent.conf...
Moderate | Unreviewed | CVE-2021-23021 was published May 24, 2022

Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify...
Moderate | Unreviewed | CVE-2021-31929 was published May 24, 2022

In JetBrains TeamCity before 2020.2.2, permission checks for changing TeamCity plugins were...
Moderate | Unreviewed | CVE-2021-31907 was published May 24, 2022

An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups...
Moderate | Unreviewed | CVE-2021-36129 was published May 24, 2022

Incorrect permission assignment for critical resource vulnerability in QSAN Storage Manager...
Moderate | Unreviewed | CVE-2021-32526 was published May 24, 2022

Dataease before 1.11.2 access control issue allows attackers to arbitrarily uninstall plugin
Moderate | CVE-2022-34112 was published for io.dataease:dataease-plugin-common (Maven) Jul 23, 2022

In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by...
Moderate | Unreviewed | CVE-2017-16631 was published May 24, 2022

In cPanel before 96.0.8, weak permissions on web stats can lead to information disclosure (SEC-584).
Moderate | Unreviewed | CVE-2021-38590 was published May 24, 2022