GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
195 advisories
Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at...
Critical, Unreviewed. CVE-2022-36427 was published Sep 7, 2022

A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node...
Critical, Unreviewed. CVE-2022-36642 was published Sep 3, 2022

Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain...
Critical, Unreviewed. CVE-2022-35293 was published Aug 11, 2022

LRM does not implement authentication or authorization by default. A malicious actor can inject,...
Critical, Unreviewed. CVE-2022-1521 was published Jun 25, 2022

The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate...
Critical, Unreviewed. CVE-2022-0885 was published Jun 14, 2022

A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could...
Critical, Unreviewed. CVE-2020-4926 was published May 25, 2022

An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows...
Critical, Unreviewed. CVE-2020-25366 was published May 24, 2022

Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken...
Critical, Unreviewed. CVE-2021-32172 was published May 24, 2022

BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an...
Critical, Unreviewed. CVE-2021-41729 was published May 24, 2022

Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect...
Critical, Unreviewed. CVE-2021-33924 was published May 24, 2022

There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5...
Critical, Unreviewed. CVE-2021-37270 was published May 24, 2022

SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31,...
Critical, Unreviewed. CVE-2021-37535 was published May 24, 2022

An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This...
Critical, Unreviewed. CVE-2020-25359 was published May 24, 2022

An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to...
Critical, Unreviewed. CVE-2020-18753 was published May 24, 2022

A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start...
Critical, Unreviewed. CVE-2021-35327 was published May 24, 2022

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5...
Critical, Unreviewed. CVE-2020-36239 was published May 24, 2022

File Deletion vulnerability in Halo 0.4.3 via delBackup.
Critical, Unreviewed. CVE-2020-19038 was published May 24, 2022

Istio before 1.8.6 and 1.9.x before 1.9.5, when a gateway is using the AUTO_PASSTHROUGH routing...
Critical, Unreviewed. CVE-2021-31921 was published May 24, 2022

A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before...
Critical, Unreviewed. CVE-2021-22891 was published May 24, 2022

It has been discovered that redhat-certification does not perform an authorization check and it...
Critical, Unreviewed. CVE-2018-10866 was published May 24, 2022

IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented...
Critical, Unreviewed. CVE-2020-4669 was published May 24, 2022

An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote unauthenticated users can...
Critical, Unreviewed. CVE-2021-27573 was published May 24, 2022

Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a...
Critical, Unreviewed. CVE-2021-26990 was published May 24, 2022

** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access....
Critical, Unreviewed. CVE-2021-28154 was published May 24, 2022

An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows...
Critical, Unreviewed. CVE-2021-28141 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.