Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,055
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,605
NuGet
638
pip
3,208
Pub
10
RubyGems
852
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

776 advisories

Loading
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which... Moderate Unreviewed
CVE-2021-24842 was published Nov 30, 2021
Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior,... Moderate Unreviewed
CVE-2021-20862 was published Dec 2, 2021
An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3... Moderate Unreviewed
CVE-2021-41013 was published Dec 9, 2021
An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6... Moderate Unreviewed
CVE-2021-36167 was published Dec 10, 2021
Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before... Moderate Unreviewed
CVE-2021-39945 was published Dec 14, 2021
Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6,... Moderate Unreviewed
CVE-2021-39936 was published Dec 14, 2021
Improper access control allows any project member to retrieve the service desk email address in... Moderate Unreviewed
CVE-2021-39934 was published Dec 14, 2021
Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4,... Moderate Unreviewed
CVE-2021-39930 was published Dec 14, 2021
Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all... Moderate Unreviewed
CVE-2021-39918 was published Dec 14, 2021
A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows... Moderate Unreviewed
CVE-2021-36169 was published Dec 14, 2021
The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as... Moderate Unreviewed
CVE-2021-24872 was published Dec 14, 2021
The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation... Moderate Unreviewed
CVE-2021-24836 was published Dec 14, 2021
The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation... Moderate Unreviewed
CVE-2021-24819 was published Dec 14, 2021
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings... Moderate Unreviewed
CVE-2021-35248 was published Dec 21, 2021
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0... Moderate Unreviewed
CVE-2021-38900 was published Dec 22, 2021
Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control. Moderate Unreviewed
CVE-2021-45091 was published Dec 22, 2021
Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control. Moderate Unreviewed
CVE-2021-45089 was published Dec 22, 2021
Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664... Moderate Unreviewed
CVE-2021-38020 was published Dec 24, 2021
Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote... Moderate Unreviewed
CVE-2021-38019 was published Dec 24, 2021
Incorrect authorization vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and... Moderate Unreviewed
CVE-2021-20868 was published Jan 5, 2022
Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass. Moderate Unreviewed
CVE-2022-21913 was published Jan 12, 2022
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability. Moderate Unreviewed
CVE-2022-21899 was published Jan 12, 2022
Secure Boot Security Feature Bypass Vulnerability. Moderate Unreviewed
CVE-2022-21894 was published Jan 12, 2022
An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register... Moderate Unreviewed
CVE-2021-43974 was published Jan 12, 2022
An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking... Moderate Unreviewed
CVE-2021-44836 was published Jan 19, 2022
ProTip! Advisories are also available from the GraphQL API