Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

235 advisories

Loading
Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates... Critical Unreviewed
CVE-2022-24609 was published Mar 11, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14... Critical Unreviewed
CVE-2022-0735 was published Mar 29, 2022
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. Critical Unreviewed
CVE-2022-26279 was published Mar 26, 2022
An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen... Critical Unreviewed
CVE-2022-26629 was published Mar 25, 2022
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the... Critical Unreviewed
CVE-2021-39052 was published Dec 14, 2021
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin... Critical Unreviewed
CVE-2021-43703 was published Dec 10, 2021
aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use... Critical Unreviewed
CVE-2022-26676 was published Apr 8, 2022
An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to... Critical Unreviewed
CVE-2022-27128 was published Apr 11, 2022
An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow... Critical Unreviewed
CVE-2021-46419 was published Apr 8, 2022
There is an arbitrary address access vulnerability with the product line test code.Successful... Critical Unreviewed
CVE-2021-39994 was published Feb 11, 2022
IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control... Critical Unreviewed
CVE-2021-39070 was published Feb 3, 2022
Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow... Critical Unreviewed
CVE-2010-1435 was published Apr 21, 2022
Depending on the configuration of the route permission table in file 'saprouttab', it is possible... Critical Unreviewed
CVE-2022-27668 was published Jun 15, 2022
A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC)... Critical Unreviewed
CVE-2021-1577 was published May 24, 2022
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip... Critical Unreviewed
CVE-2021-28506 was published Jan 15, 2022
WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password. Critical Unreviewed
CVE-2021-3332 was published May 24, 2022
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote... Critical Unreviewed
CVE-2021-3044 was published May 24, 2022
Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A... Critical Unreviewed
CVE-2021-35336 was published May 24, 2022
TrueStack Direct Connect 1.4.7 has Incorrect Access Control. Critical Unreviewed
CVE-2022-23775 was published May 26, 2022
A ZTE product is impacted by improper access control vulnerability. The attacker could exploit... Critical Unreviewed
CVE-2021-21730 was published May 24, 2022
There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product.... Critical Unreviewed
CVE-2021-33346 was published May 24, 2022
Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an... Critical Unreviewed
CVE-2022-25237 was published Jun 3, 2022
The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code... Critical Unreviewed
CVE-2021-30503 was published May 24, 2022
A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to... Critical Unreviewed
CVE-2020-19301 was published May 24, 2022
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. Critical Unreviewed
CVE-2021-30192 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API