GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
967 advisories
Filter by severity
IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an...
Moderate
Unreviewed
CVE-2021-38971
was published
Mar 15, 2022
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.
Moderate
Unreviewed
CVE-2022-0821
was published
Mar 12, 2022
An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware...
Moderate
Unreviewed
CVE-2022-24930
was published
Mar 11, 2022
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote...
Moderate
Unreviewed
CVE-2022-25215
was published
Mar 11, 2022
Incorrect Authentication in shopware
Moderate
CVE-2022-24748
was published
for
shopware/core
(Composer)
Mar 10, 2022
The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1,...
Moderate
Unreviewed
CVE-2021-24824
was published
Mar 8, 2022
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user...
Moderate
Unreviewed
CVE-2022-0442
was published
Mar 8, 2022
Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
Moderate
Unreviewed
CVE-2022-0756
was published
Mar 8, 2022
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered...
Moderate
Unreviewed
CVE-2021-3658
was published
Mar 4, 2022
JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low...
Moderate
Unreviewed
CVE-2021-45074
was published
Mar 3, 2022
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy
Moderate
CVE-2022-0577
was published
for
scrapy
(pip)
Mar 1, 2022
Exposure of Resource to Wrong Sphere in microweber
Moderate
CVE-2022-0762
was published
for
microweber/microweber
(Composer)
Feb 27, 2022
Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.
Moderate
Unreviewed
CVE-2022-0726
was published
Feb 24, 2022
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0.
Moderate
Unreviewed
CVE-2022-0727
was published
Feb 24, 2022
Improper Authorization in dolibarr/dolibarr
Moderate
CVE-2022-0731
was published
for
dolibarr/dolibarr
(Composer)
Feb 24, 2022
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have authorisation...
Moderate
Unreviewed
CVE-2022-0164
was published
Feb 22, 2022
An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an...
Moderate
Unreviewed
CVE-2022-25318
was published
Feb 19, 2022
Incorrect authorization in Drupal core
Moderate
CVE-2022-25270
was published
for
drupal/core
(Composer)
Feb 18, 2022
The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly...
Moderate
Unreviewed
CVE-2022-0633
was published
Feb 18, 2022
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated...
Moderate
Unreviewed
CVE-2021-43948
was published
Feb 16, 2022
Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed...
Moderate
Unreviewed
CVE-2022-0305
was published
Feb 15, 2022
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote...
Moderate
Unreviewed
CVE-2022-0309
was published
Feb 15, 2022
Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed...
Moderate
Unreviewed
CVE-2022-24110
was published
Feb 15, 2022
Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information...
Moderate
Unreviewed
CVE-2021-45310
was published
Feb 15, 2022
ProTip!
Advisories are also available from the
GraphQL API