GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,968
Erlang: 39
GitHub Actions: 38
Go: 2,616
Maven: 5,000+
npm: 4,255
NuGet: 760
pip: 4,040
Pub: 12
RubyGems: 953
Rust: 1,050
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+

            5,284 advisories

Single Connect does not perform an authorization check when using the "log-monitor" module. A...
Severity: Moderate (Unreviewed)
CVE-2021-44792 was published Jan 28, 2022

Missing authentication in ShenYu
Severity: Critical
CVE-2022-23944 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022

Missing authentication in ShenYu
Severity: High
CVE-2022-23945 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022

The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting...
Severity: High (Unreviewed)
CVE-2021-25093 was published Feb 2, 2022

The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF...
Severity: Moderate (Unreviewed)
CVE-2021-24993 was published Feb 8, 2022

The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and...
Severity: High (Unreviewed)
CVE-2021-25095 was published Feb 8, 2022

The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron-manager-pro WordPress...
Severity: Moderate (Unreviewed)
CVE-2021-25084 was published Feb 8, 2022

The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its...
Severity: Moderate (Unreviewed)
CVE-2021-24839 was published Feb 8, 2022

Missing authorization in xwiki-platform
Severity: Moderate
CVE-2022-23617 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Feb 9, 2022

Missing authorization in xwiki-platform
Severity: Moderate
CVE-2022-23621 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Feb 9, 2022

Improper Access Control in infinispan-server-runtime
Severity: Moderate
CVE-2020-25711 was published for org.infinispan:infinispan-core (Maven) Feb 9, 2022

A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when...
Severity: High (Unreviewed)
CVE-2022-24317 was published Feb 11, 2022

SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks...
Severity: Moderate (Unreviewed)
CVE-2022-22535 was published Feb 11, 2022

In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This...
Severity: High (Unreviewed)
CVE-2022-20041 was published Feb 11, 2022

In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This...
Severity: High (Unreviewed)
CVE-2022-20043 was published Feb 11, 2022

In system service, there is a possible permission bypass due to a missing permission check. This...
Severity: High (Unreviewed)
CVE-2022-20024 was published Feb 11, 2022

Improper Privilege Management in Snipe-IT
Severity: Moderate
CVE-2022-0579 was published for snipe/snipe-it (Composer) Feb 15, 2022

An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management...
Severity: High (Unreviewed)
CVE-2022-22854 was published Feb 15, 2022

The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, may arbitrarily...
Severity: Moderate (Unreviewed)
CVE-2022-0188 was published Feb 15, 2022

The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the...
Severity: Low (Unreviewed)
CVE-2021-25014 was published Feb 15, 2022

The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks...
Severity: Moderate (Unreviewed)
CVE-2021-25018 was published Feb 15, 2022

Missing Authorization in Harbor
Severity: Moderate
CVE-2019-16097 was published for github.com/goharbor/harbor (Go) Feb 15, 2022

Reject unauthorized access with GitHub PATs
Severity: High
CVE-2021-21432 was published for github.com/go-vela/server (Go) Feb 15, 2022

Missing permission check in Jenkins SWAMP Plugin allows capturing credentials
Severity: Moderate
CVE-2022-25211 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) Feb 16, 2022