Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

234 advisories

Loading
Potential session hijack in Apache CXF Critical
CVE-2019-12419 was published for org.apache.cxf:cxf (Maven) Nov 8, 2019
Incorrect Authorization in Apache Solr Critical
CVE-2021-29943 was published for org.apache.solr:solr-parent (Maven) May 10, 2021
Improper Authorization and Origin Validation Error in OneFuzz Critical
CVE-2021-37705 was published for onefuzz (pip) Aug 13, 2021
Incorrect Authorization in serverless-offline Critical
CVE-2021-38384 was published for serverless-offline (npm) Sep 1, 2021
Deno's static imports inside dynamically imported modules do not adhere to permission checks Critical
CVE-2021-32619 was published for deno (Rust) Sep 23, 2021
nayeemrmn
Improper Access Control in Webauthn Framework Critical
CVE-2021-38299 was published for web-auth/webauthn-framework (Composer) Sep 29, 2021
Incorrect Authorization in Apache Ozone Critical
CVE-2021-39233 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to... Critical Unreviewed
CVE-2021-38503 was published Dec 9, 2021
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin... Critical Unreviewed
CVE-2021-43703 was published Dec 10, 2021
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the... Critical Unreviewed
CVE-2021-39052 was published Dec 14, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN... Critical Unreviewed
CVE-2021-20149 was published Dec 31, 2021
Incorrect Authorization in latte/latte Critical
CVE-2021-23803 was published for latte/latte (Composer) Jan 6, 2022
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip... Critical Unreviewed
CVE-2021-28506 was published Jan 15, 2022
A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services... Critical Unreviewed
CVE-2022-22167 was published Jan 20, 2022
A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services... Critical Unreviewed
CVE-2022-22157 was published Jan 20, 2022
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized... Critical Unreviewed
CVE-2020-4877 was published Jan 22, 2022
IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control... Critical Unreviewed
CVE-2021-39070 was published Feb 3, 2022
Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not... Critical Unreviewed
CVE-2022-24307 was published Feb 10, 2022
Incorrect Authorization in Apache Solr Critical
CVE-2020-13957 was published for org.apache.solr:solr-parent (Maven) Feb 10, 2022
kurt-r2c
There is an arbitrary address access vulnerability with the product line test code.Successful... Critical Unreviewed
CVE-2021-39994 was published Feb 11, 2022
nats-io/jwt not enforcing checking of Import token permissions Critical
CVE-2021-3127 was published for github.com/nats-io/jwt (Go) Feb 15, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... Critical Unreviewed
CVE-2022-21196 was published Feb 19, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... Critical Unreviewed
CVE-2022-21141 was published Feb 19, 2022
An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify... Critical Unreviewed
CVE-2022-25402 was published Feb 25, 2022
Access Control vulnerability within CoreNLP Critical
CVE-2021-44550 was published for edu.stanford.nlp:stanford-corenlp (Maven) Feb 25, 2022
ProTip! Advisories are also available from the GraphQL API