GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
1,911 advisories
Filter by severity
Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker...
Low
Unreviewed
CVE-2022-28775
was published
Apr 12, 2022
Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local...
Low
Unreviewed
CVE-2022-28777
was published
Apr 12, 2022
A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core -...
High
Unreviewed
CVE-2022-20762
was published
Apr 7, 2022
Improper Access Control in GitHub repository phpipam/phpipam prior to 1.4.6.
Moderate
Unreviewed
CVE-2022-1223
was published
Apr 5, 2022
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
Moderate
Unreviewed
CVE-2022-0405
was published
Apr 4, 2022
Path traversal allows leaking out-of-bound files from Argo CD repo-server
Moderate
CVE-2022-24731
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
High
CVE-2022-24730
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF...
High
Unreviewed
CVE-2021-24905
was published
Mar 22, 2022
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up...
High
Unreviewed
CVE-2022-0815
was published
Mar 12, 2022
The public API error causes for the attacker to be able to bypass API access control.
Critical
Unreviewed
CVE-2022-23730
was published
Mar 12, 2022
An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware...
Moderate
Unreviewed
CVE-2022-24930
was published
Mar 11, 2022
Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models...
Low
Unreviewed
CVE-2022-25824
was published
Mar 11, 2022
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23...
Moderate
Unreviewed
CVE-2022-26317
was published
Mar 9, 2022
A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23...
High
Unreviewed
CVE-2022-24309
was published
Mar 9, 2022
The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1,...
Moderate
Unreviewed
CVE-2021-24824
was published
Mar 8, 2022
The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to...
Moderate
Unreviewed
CVE-2021-24825
was published
Mar 8, 2022
The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in...
High
Unreviewed
CVE-2021-25087
was published
Mar 8, 2022
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.12.5.
Moderate
Unreviewed
CVE-2022-0755
was published
Mar 8, 2022
Improper Access Control to Remote Code Execution in GitHub repository webmin/webmin prior to 1.990.
High
Unreviewed
CVE-2022-0824
was published
Mar 3, 2022
JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin...
Moderate
Unreviewed
CVE-2021-46270
was published
Mar 3, 2022
The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in...
Moderate
Unreviewed
CVE-2021-24688
was published
Mar 1, 2022
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and...
Moderate
Unreviewed
CVE-2021-24730
was published
Mar 1, 2022
The backend infrastructure shared by multiple mobile device monitoring services does not...
High
Unreviewed
CVE-2022-0732
was published
Feb 25, 2022
Improper Access Control in librenms
High
CVE-2022-0580
was published
for
librenms/librenms
(Composer)
Feb 16, 2022
Istio may not check inbound TCP connections against istio-policy
High
CVE-2019-12243
was published
for
istio.io/istio
(Go)
Feb 15, 2022
ProTip!
Advisories are also available from the
GraphQL API