GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,704
Composer 4,237
Erlang 31
GitHub Actions 20
Go 2,000
Maven 5,183
npm 3,711
NuGet 661
pip 3,383
Pub 11
RubyGems 885
Rust 849
Swift 36

Unreviewed advisories

All unreviewed 235,477

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

95 advisories

Filter by severity

Sort by

Least recently updated

OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions,... Critical Unreviewed

CVE-2020-13421 was published May 24, 2022

Tad Book3 editing book page does not perform identity verification. Remote attackers can use the... Critical Unreviewed

CVE-2021-41974 was published May 24, 2022

HashiCorp Vault Incorrect Permission Assignment for Critical Resource Critical

CVE-2021-43998 was published for github.com/hashicorp/vault (Go) Dec 2, 2021

A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an... Critical Unreviewed

CVE-2021-39409 was published Jun 25, 2022

Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete... Critical Unreviewed

CVE-2021-22648 was published Jul 29, 2022

OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected... Critical Unreviewed

CVE-2020-11831 was published May 24, 2022

Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is... Critical Unreviewed

CVE-2020-16259 was published May 24, 2022

An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made... Critical Unreviewed

CVE-2020-35949 was published May 24, 2022

In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin... Critical Unreviewed

CVE-2020-35339 was published May 24, 2022

An incorrect setting of UXN bits within mmu_flags_to_s1_pte_attr lead to privileged executable... Critical Unreviewed

CVE-2021-22566 was published Jan 19, 2022

HGiga EIP product lacks ineffective access control in certain pages that allow attackers to... Critical Unreviewed

CVE-2021-22850 was published May 24, 2022

Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= 12.5.1001.5 in DATEV programs v14... Critical Unreviewed

CVE-2021-41428 was published May 24, 2022

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to... Critical Unreviewed

CVE-2022-2185 was published Jul 2, 2022

Apache Cassandra vulnerable to Code Injection due to unsafe configuration Critical

CVE-2021-44521 was published for org.apache.cassandra:cassandra-all (Maven) Feb 12, 2022

In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is... Critical Unreviewed

CVE-2021-41589 was published May 24, 2022

Incorrect Permission Assignment for Critical Resource in ShopXO Critical

CVE-2022-28056 was published for shopxo/shopxo (Composer) May 3, 2022

In Kaspersky Internet Security for Android 11.12.4.1622, some of application exports activities... Critical Unreviewed

CVE-2017-12816 was published May 13, 2022

postgresql before versions 10.4, 9.6.9 is vulnerable in the adminpack extension, the pg_catalog... Critical Unreviewed

CVE-2018-1115 was published May 13, 2022

An issue was discovered on SoftCase T-Router build 20112017 devices. There are no restrictions on... Critical Unreviewed

CVE-2018-11240 was published May 13, 2022

Missing HTTPOnly flag in Web Applications operating on Business-DNA Solutions GmbHâ€™s TopEaseÂ®... Critical Unreviewed

CVE-2021-42115 was published Dec 1, 2021

KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer... Critical Unreviewed

CVE-2017-9602 was published May 13, 2022

This vulnerability allows remote attackers to cause a denial-of-service condition on vulnerable... Critical Unreviewed

CVE-2018-1164 was published May 13, 2022

A vulnerability in which the HTTP web server for Cisco Prime Infrastructure (PI) has unrestricted... Critical Unreviewed

CVE-2018-15379 was published May 13, 2022

Systems using the Marel Food Processing Systems Pluto platform do not restrict remote access.... Critical Unreviewed

CVE-2017-9626 was published May 13, 2022

Mahara 15.04 before 15.04.10 and 15.10 before 15.10.6 and 16.04 before 16.04.4 are vulnerable to... Critical Unreviewed

CVE-2017-1000153 was published May 13, 2022

Previous 1 2 3 4 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

95 advisories