GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,097
Erlang: 29
GitHub Actions: 19
Go: 1,925
Maven: 5,000+
npm: 3,657
NuGet: 638
pip: 3,264
Pub: 10
RubyGems: 873
Rust: 823
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
2,085 advisories
Incorrect Authorization in Apache Solr
Moderate | CVE-2018-11802 was published for org.apache.solr:solr-core (Maven) | Feb 9, 2022

Improper Privilege Management in Apache Hadoop
High | CVE-2020-9492 was published for org.apache.hadoop:hadoop-common (Maven) | Feb 9, 2022

Partial authorization bypass on document save in xwiki-platform
Moderate | CVE-2022-23615 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) | Feb 9, 2022

Incorrect Authorization in keycloak
Moderate | CVE-2020-1725 was published for org.keycloak:keycloak-parent (Maven) | Feb 9, 2022

After the initial setup process, some steps of setup.php file are reachable not only by super...
Moderate | Unreviewed | CVE-2022-23134 was published | Feb 9, 2022

Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar...
Moderate | Unreviewed | CVE-2021-29394 was published | Feb 9, 2022

Incorrect Authorization in NATS nats-server
High | CVE-2022-24450 was published for github.com/nats-io/nats-server/v2 (Go) | Feb 8, 2022

An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and...
Moderate | Unreviewed | CVE-2021-36177 was published | Feb 8, 2022

The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and...
Moderate | Unreviewed | CVE-2021-24947 was published | Feb 8, 2022

The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF...
Moderate | Unreviewed | CVE-2021-24993 was published | Feb 8, 2022

IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control...
Critical | Unreviewed | CVE-2021-39070 was published | Feb 3, 2022

Improper Input Validation in Apache Pulsar
Moderate | CVE-2021-41571 was published for org.apache.pulsar:pulsar (Maven) | Feb 2, 2022

The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in...
Moderate | Unreviewed | CVE-2021-25097 was published | Feb 2, 2022

Incorrect Authorization in calibreweb
Moderate | CVE-2022-0273 was published for calibreweb (pip) | Jan 31, 2022

A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET...
High | Unreviewed | CVE-2021-41608 was published | Jan 29, 2022

Insufficient user authorization in Moodle
Low | CVE-2022-0333 was published for moodle/moodle (Composer) | Jan 28, 2022

Insufficient user authorization in Moodle
Moderate | CVE-2022-0334 was published for moodle/moodle (Composer) | Jan 28, 2022

arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more...
High | Unreviewed | CVE-2022-23033 was published | Jan 26, 2022

On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a...
High | Unreviewed | CVE-2022-23009 was published | Jan 26, 2022

The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor...
Moderate | Unreviewed | CVE-2021-24733 was published | Jan 25, 2022

The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib...
High | Unreviewed | CVE-2021-24906 was published | Jan 25, 2022

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized...
Critical | Unreviewed | CVE-2020-4877 was published | Jan 22, 2022

A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services...
Critical | Unreviewed | CVE-2022-22157 was published | Jan 20, 2022

A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services...
Critical | Unreviewed | CVE-2022-22167 was published | Jan 20, 2022

Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability...
High | Unreviewed | CVE-2021-38789 was published | Jan 20, 2022
ProTip! Advisories are also available from the GraphQL API.