GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
239 advisories
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file...
Critical
Unreviewed
CVE-2021-42002 was published May 24, 2022
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that...
Critical
Unreviewed
CVE-2021-3705 was published May 24, 2022
Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed...
Critical
Unreviewed
CVE-2021-35943 was published May 24, 2022
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability...
Critical
Unreviewed
CVE-2021-20136 was published May 24, 2022
ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure.
Critical
Unreviewed
CVE-2021-41591 was published May 24, 2022
Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure.
Critical
Unreviewed
CVE-2021-41592 was published May 24, 2022
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth,...
Critical
Unreviewed
CVE-2021-42837 was published May 24, 2022
Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and...
Critical
Unreviewed
CVE-2021-41873 was published May 24, 2022
There is a flaw in the code used to configure the internal gateway firewall when the gateway's...
Critical
Unreviewed
CVE-2020-12030 was published May 24, 2022
An access control issue in Linglong v1.0 allows attackers to access the background of the...
Critical
Unreviewed
CVE-2022-29633 was published May 27, 2022
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access...
Critical
Unreviewed
CVE-2021-37421 was published May 24, 2022
Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021...
Critical
Unreviewed
CVE-2021-25437 was published May 24, 2022
Certain NETGEAR devices are affected by lack of access control at the function level. This...
Critical
Unreviewed
CVE-2021-38516 was published May 24, 2022
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive...
Critical
Unreviewed
CVE-2020-18701 was published May 24, 2022
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
Critical
Unreviewed
CVE-2021-30192 was published May 24, 2022
A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to...
Critical
Unreviewed
CVE-2020-19301 was published May 24, 2022
The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code...
Critical
Unreviewed
CVE-2021-30503 was published May 24, 2022
Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an...
Critical
Unreviewed
CVE-2022-25237 was published Jun 3, 2022
There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product....
Critical
Unreviewed
CVE-2021-33346 was published May 24, 2022
A ZTE product is impacted by improper access control vulnerability. The attacker could exploit...
Critical
Unreviewed
CVE-2021-21730 was published May 24, 2022
TrueStack Direct Connect 1.4.7 has Incorrect Access Control.
Critical
Unreviewed
CVE-2022-23775 was published May 26, 2022
Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A...
Critical
Unreviewed
CVE-2021-35336 was published May 24, 2022
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote...
Critical
Unreviewed
CVE-2021-3044 was published May 24, 2022
WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.
Critical
Unreviewed
CVE-2021-3332 was published May 24, 2022
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip...
Critical
Unreviewed
CVE-2021-28506 was published Jan 15, 2022