GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
179 advisories
Filter by severity
An authorization bypass and PHP local-file-include vulnerability in the installation component of...
Critical
Unreviewed
CVE-2020-7472
was published
May 24, 2022
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to...
Critical
Unreviewed
CVE-2020-26822
was published
May 24, 2022
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to...
Critical
Unreviewed
CVE-2020-26821
was published
May 24, 2022
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to...
Critical
Unreviewed
CVE-2020-26824
was published
May 24, 2022
The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by...
Critical
Unreviewed
CVE-2020-35219
was published
May 24, 2022
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain...
Critical
Unreviewed
CVE-2020-28036
was published
May 24, 2022
An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is...
Critical
Unreviewed
CVE-2020-29551
was published
May 24, 2022
A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s):...
Critical
Unreviewed
CVE-2020-7124
was published
May 24, 2022
A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older),...
Critical
Unreviewed
CVE-2020-28215
was published
May 24, 2022
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php...
Critical
Unreviewed
CVE-2020-29006
was published
May 24, 2022
Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting...
Critical
Unreviewed
CVE-2020-11856
was published
May 24, 2022
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to...
Critical
Unreviewed
CVE-2020-26823
was published
May 24, 2022
In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system....
Critical
Unreviewed
CVE-2019-19885
was published
May 24, 2022
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an...
Critical
Unreviewed
CVE-2020-4499
was published
May 24, 2022
Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain...
Critical
Unreviewed
CVE-2022-35293
was published
Aug 11, 2022
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily...
Critical
Unreviewed
CVE-2020-20944
was published
Dec 28, 2021
LRM does not implement authentication or authorization by default. A malicious actor can inject,...
Critical
Unreviewed
CVE-2022-1521
was published
Jun 25, 2022
It has been discovered that redhat-certification does not perform an authorization check and it...
Critical
Unreviewed
CVE-2018-10866
was published
May 24, 2022
File Deletion vulnerability in Halo 0.4.3 via delBackup.
Critical
Unreviewed
CVE-2020-19038
was published
May 24, 2022
An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This...
Critical
Unreviewed
CVE-2020-25359
was published
May 24, 2022
Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5...
Critical
Unreviewed
CVE-2020-36239
was published
May 24, 2022
A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could...
Critical
Unreviewed
CVE-2020-4926
was published
May 25, 2022
An exploitable unsafe default configuration vulnerability exists in the TURN server function of...
Critical
Unreviewed
CVE-2018-4059
was published
May 13, 2022
There is an improper verification vulnerability in smartphones. Successful exploitation of this...
Critical
Unreviewed
CVE-2021-22448
was published
Feb 26, 2022
Hospital Management System v1.0 was discovered to lack an authorization component, allowing...
Critical
Unreviewed
CVE-2022-26546
was published
Apr 1, 2022
ProTip!
Advisories are also available from the
GraphQL API