GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
948 advisories
Filter by severity
BookStack is vulnerable to Improper Access Control.
Moderate
CVE-2021-4119
was published
for
ssddanbrown/bookstack
(Composer)
Dec 16, 2021
bookstack is vulnerable to Improper Access Control
Moderate
CVE-2021-4194
was published
for
ssddanbrown/bookstack
(Composer)
Jan 8, 2022
peertube is vulnerable to Improper Access Control
Moderate
Unreviewed
CVE-2022-0170
was published
Jan 12, 2022
Incorrect Default Permissions and Improper Access Control in snipe-it
Moderate
CVE-2022-0179
was published
for
snipe/snipe-it
(Composer)
Jan 21, 2022
The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor...
Moderate
Unreviewed
CVE-2021-24733
was published
Jan 25, 2022
Improper Access Control in snipe-it
Moderate
CVE-2022-0178
was published
for
snipe/snipe-it
(Composer)
Jan 26, 2022
Missing Authorization in Crater Invoice
Moderate
CVE-2022-0203
was published
for
bytefury/crater
(Composer)
Jan 27, 2022
Incorrect Authorization in calibreweb
Moderate
CVE-2022-0273
was published
for
calibreweb
(pip)
Jan 31, 2022
The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in...
Moderate
Unreviewed
CVE-2021-25097
was published
Feb 2, 2022
Limited ability to spoof SAML authentication with missing audience verification in Fleet
Moderate
CVE-2022-23600
was published
for
github.com/fleetdm/fleet/v4
(Go)
Feb 7, 2022
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a...
Moderate
Unreviewed
CVE-2022-21816
was published
Feb 8, 2022
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper...
Moderate
Unreviewed
CVE-2022-21813
was published
Feb 8, 2022
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF...
Moderate
Unreviewed
CVE-2021-24993
was published
Feb 8, 2022
The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron-manager-pro WordPress...
Moderate
Unreviewed
CVE-2021-25084
was published
Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its...
Moderate
Unreviewed
CVE-2021-24839
was published
Feb 8, 2022
After the initial setup process, some steps of setup.php file are reachable not only by super...
Moderate
Unreviewed
CVE-2022-23134
was published
Feb 9, 2022
An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a...
Moderate
Unreviewed
CVE-2022-24924
was published
Feb 12, 2022
An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to...
Moderate
Unreviewed
CVE-2022-23994
was published
Feb 12, 2022
Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12)...
Moderate
Unreviewed
CVE-2022-23433
was published
Feb 12, 2022
Incorrect Authorization in Drupal core
Moderate
CVE-2020-13676
was published
for
drupal/core
(Composer)
Feb 12, 2022
Authorization bypass in Istio
Moderate
CVE-2020-16844
was published
for
istio.io/istio
(Go)
Feb 15, 2022
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and...
Moderate
Unreviewed
CVE-2021-24730
was published
Mar 1, 2022
The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in...
Moderate
Unreviewed
CVE-2021-24688
was published
Mar 1, 2022
JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin...
Moderate
Unreviewed
CVE-2021-46270
was published
Mar 3, 2022
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.12.5.
Moderate
Unreviewed
CVE-2022-0755
was published
Mar 8, 2022
ProTip!
Advisories are also available from the
GraphQL API