GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
53 advisories
Filter by severity
Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1.
Critical
Unreviewed
CVE-2022-2595
was published
Aug 2, 2022
Improper Authorization in Apache Shiro
Critical
CVE-2022-32532
was published
for
org.apache.shiro:shiro-core
(Maven)
Jun 30, 2022
4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated...
Critical
Unreviewed
CVE-2021-42338
was published
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21693
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the...
Critical
Unreviewed
CVE-2021-41974
was published
May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
Critical
Unreviewed
CVE-2021-36029
was published
May 24, 2022
Obsidian does not require user confirmation for non-http/https URLs.
Critical
CVE-2021-38148
was published
for
obsidian
(npm)
May 24, 2022
Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to...
Critical
Unreviewed
CVE-2021-32523
was published
May 24, 2022
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 ...
Critical
Unreviewed
CVE-2021-28799
was published
May 24, 2022
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT...
Critical
Unreviewed
CVE-2020-12500
was published
May 24, 2022
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an...
Critical
Unreviewed
CVE-2019-13550
was published
May 24, 2022
Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized...
Critical
Unreviewed
CVE-2018-14670
was published
May 24, 2022
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches...
Critical
Unreviewed
CVE-2019-1912
was published
May 24, 2022
Authorization bypass in Spring Security
Critical
CVE-2022-22978
was published
for
org.springframework.security:spring-security-core
(Maven)
May 20, 2022
Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3...
Critical
Unreviewed
CVE-2016-6825
was published
May 17, 2022
EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which...
Critical
Unreviewed
CVE-2016-0922
was published
May 17, 2022
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do...
Critical
Unreviewed
CVE-2016-5799
was published
May 17, 2022
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log...
Critical
Unreviewed
CVE-2016-10734
was published
May 14, 2022
AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI...
Critical
Unreviewed
CVE-2015-5463
was published
May 14, 2022
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and...
Critical
Unreviewed
CVE-2015-3954
was published
May 13, 2022
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows...
Critical
Unreviewed
CVE-2022-0993
was published
Apr 20, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
Critical
Unreviewed
CVE-2022-21196
was published
Feb 19, 2022
Authorization bypass in Openshift
Critical
CVE-2016-1906
was published
for
github.com/openshift/origin
(Go)
Dec 20, 2021
Deno's static imports inside dynamically imported modules do not adhere to permission checks
Critical
CVE-2021-32619
was published
for
deno
(Rust)
Sep 23, 2021
Improper Authorization and Origin Validation Error in OneFuzz
Critical
CVE-2021-37705
was published
for
onefuzz
(pip)
Aug 13, 2021
ProTip!
Advisories are also available from the
GraphQL API