Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

967 advisories

Loading
IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an... Moderate Unreviewed
CVE-2021-38971 was published Mar 15, 2022
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. Moderate Unreviewed
CVE-2022-0821 was published Mar 12, 2022
An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware... Moderate Unreviewed
CVE-2022-24930 was published Mar 11, 2022
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote... Moderate Unreviewed
CVE-2022-25215 was published Mar 11, 2022
Incorrect Authentication in shopware Moderate
CVE-2022-24748 was published for shopware/core (Composer) Mar 10, 2022
The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1,... Moderate Unreviewed
CVE-2021-24824 was published Mar 8, 2022
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user... Moderate Unreviewed
CVE-2022-0442 was published Mar 8, 2022
Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. Moderate Unreviewed
CVE-2022-0756 was published Mar 8, 2022
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered... Moderate Unreviewed
CVE-2021-3658 was published Mar 4, 2022
JFrog Artifactory before 7.29.3 and 6.23.38, is vulnerable to Broken Access Control, a low... Moderate Unreviewed
CVE-2021-45074 was published Mar 3, 2022
Incorrect Authorization and Exposure of Sensitive Information to an Unauthorized Actor in scrapy Moderate
CVE-2022-0577 was published for scrapy (pip) Mar 1, 2022
ranjit-git
Exposure of Resource to Wrong Sphere in microweber Moderate
CVE-2022-0762 was published for microweber/microweber (Composer) Feb 27, 2022
Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. Moderate Unreviewed
CVE-2022-0726 was published Feb 24, 2022
Improper Access Control in GitHub repository chocobozzz/peertube prior to 4.1.0. Moderate Unreviewed
CVE-2022-0727 was published Feb 24, 2022
Improper Authorization in dolibarr/dolibarr Moderate
CVE-2022-0731 was published for dolibarr/dolibarr (Composer) Feb 24, 2022
The Coming soon and Maintenance mode WordPress plugin before 3.6.8 does not have authorisation... Moderate Unreviewed
CVE-2022-0164 was published Feb 22, 2022
An issue was discovered in Cerebrate through 1.4. An incorrect sharing group ACL allowed an... Moderate Unreviewed
CVE-2022-25318 was published Feb 19, 2022
Incorrect authorization in Drupal core Moderate
CVE-2022-25270 was published for drupal/core (Composer) Feb 18, 2022
The UpdraftPlus WordPress plugin Free before 1.22.3 and Premium before 2.22.3 do not properly... Moderate Unreviewed
CVE-2022-0633 was published Feb 18, 2022
Affected versions of Atlassian Jira Service Management Server and Data Center allow authenticated... Moderate Unreviewed
CVE-2021-43948 was published Feb 16, 2022
Incorrect Authorization in PostgreSQL Moderate Unreviewed
CVE-2021-20229 was published Feb 15, 2022
Inappropriate implementation in Service Worker API in Google Chrome prior to 97.0.4692.99 allowed... Moderate Unreviewed
CVE-2022-0305 was published Feb 15, 2022
Inappropriate implementation in Autofill in Google Chrome prior to 97.0.4692.99 allowed a remote... Moderate Unreviewed
CVE-2022-0309 was published Feb 15, 2022
Kiteworks MFT 7.5 may allow an unauthorized user to reset other users' passwords. This is fixed... Moderate Unreviewed
CVE-2022-24110 was published Feb 15, 2022
Sangoma Technologies Corporation Switchvox Version 102409 is affected by an information... Moderate Unreviewed
CVE-2021-45310 was published Feb 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database