GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,348 advisories
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle...
High | Unreviewed | CVE-2021-37572 was published Dec 27, 2021

Yappli is an application development platform which provides the function to access a requested...
High | Unreviewed | CVE-2021-20873 was published Dec 29, 2021

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated...
High | Unreviewed | CVE-2021-24831 was published Jan 4, 2022

Missing Authorization in DayByDay CRM
High | CVE-2022-22111 was published for bottelet/flarepoint (Composer) Jan 8, 2022

The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to...
High | Unreviewed | CVE-2022-0236 was published Jan 19, 2022

The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib...
High | Unreviewed | CVE-2021-24906 was published Jan 25, 2022

Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui"...
High | Unreviewed | CVE-2021-44795 was published Jan 28, 2022

Single Connect does not perform an authorization check when using the "sc-reports-ui" module. A...
High | Unreviewed | CVE-2021-44793 was published Jan 28, 2022

Missing authentication in ShenYu
High | CVE-2022-23945 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022

The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting...
High | Unreviewed | CVE-2021-25093 was published Feb 2, 2022

The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and...
High | Unreviewed | CVE-2021-25095 was published Feb 8, 2022

A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when...
High | Unreviewed | CVE-2022-24317 was published Feb 11, 2022

In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This...
High | Unreviewed | CVE-2022-20043 was published Feb 11, 2022

In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This...
High | Unreviewed | CVE-2022-20041 was published Feb 11, 2022

In system service, there is a possible permission bypass due to a missing permission check. This...
High | Unreviewed | CVE-2022-20024 was published Feb 11, 2022

An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management...
High | Unreviewed | CVE-2022-22854 was published Feb 15, 2022

Reject unauthorized access with GitHub PATs
High | CVE-2021-21432 was published for github.com/go-vela/server (Go) Feb 15, 2022

Missing permission checks in Jenkins Chef Sinatra Plugin allow XXE
High | CVE-2022-25208 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven) Feb 16, 2022

Missing Authorization in Jenkins dbCharts Plugin
High | CVE-2022-25206 was published for org.jenkins-ci.plugins:dbCharts (Maven) Feb 16, 2022

Missing permission check in Jenkins SCP publisher Plugin
High | CVE-2022-25199 was published for org.jenkins-ci.plugins:scp (Maven) Feb 16, 2022

Improper Privilege Management in Snipe-IT
High | CVE-2022-0611 was published for snipe/snipe-it (Composer) Feb 17, 2022

A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support...
High | Unreviewed | CVE-2020-25718 was published Feb 19, 2022

KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename...
High | Unreviewed | CVE-2022-24986 was published Feb 27, 2022

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an...
High | Unreviewed | CVE-2021-46378 was published Mar 5, 2022

The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in...
High | Unreviewed | CVE-2021-25087 was published Mar 8, 2022