Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,418 advisories

Loading
Unauthenticated Access Via OAI-PMH High
CVE-2020-5228 was published for org.opencastproject:opencast-oaipmh-api (Maven) Jan 30, 2020
Moderate severity vulnerability that affects org.apache.ranger:ranger Moderate
CVE-2017-7677 was published for org.apache.ranger:ranger (Maven) Oct 17, 2018
Moderate severity vulnerability that affects org.apache.hive:hive-jdbc Moderate
CVE-2018-1314 was published for org.apache.hive:hive-jdbc (Maven) Nov 21, 2018
Key Caching behavior in the DynamoDB Encryption Client. Low
GHSA-4ph2-8337-hm62 was published for dynamodb-encryption-sdk (pip) Feb 8, 2021
Bypass of fix for CVE-2020-15247, Twig sandbox escape Low
CVE-2020-26231 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
Key Caching behavior in the DynamoDB Encryption Client. Low
GHSA-w736-hf9p-qqh3 was published for com.amazonaws:aws-dynamodb-encryption-java (Maven) Feb 8, 2021
Generation of fake documents via public GET-call Low
GHSA-jvg4-9rc2-wvcr was published for shopware/platform (Composer) Feb 10, 2021
Flarum notifications can leak restricted content Moderate
CVE-2023-22488 was published for flarum/core (Composer) Jan 10, 2023
clarkwinkelmann
The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing... Moderate Unreviewed
CVE-2023-0402 was published Jan 19, 2023
Controller reconciles apps outside configured namespaces when sharding is enabled High
CVE-2023-22736 was published for github.com/argoproj/argo-cd (Go) Jan 25, 2023
czchen crenshaw-dev
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials Moderate
CVE-2022-25211 was published for org.continuousassurance.swamp.jenkins:swamp (Maven) Feb 16, 2022
NotMyFault
The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in... Moderate Unreviewed
CVE-2021-24950 was published Mar 15, 2022
The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF... Moderate Unreviewed
CVE-2021-24958 was published Mar 15, 2022
An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious... Moderate Unreviewed
CVE-2021-45852 was published Mar 17, 2022
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of... Critical Unreviewed
CVE-2021-45878 was published Mar 22, 2022
idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the... High Unreviewed
CVE-2022-27333 was published Mar 23, 2022
Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected... Critical Unreviewed
CVE-2022-24595 was published Mar 19, 2022
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid... High Unreviewed
CVE-2021-3814 was published Mar 26, 2022
Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access... High Unreviewed
CVE-2022-27658 was published Mar 29, 2022
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line... Critical Unreviewed
CVE-2021-45015 was published Dec 15, 2021
glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html... Moderate Unreviewed
CVE-2021-44937 was published Dec 15, 2021
In Settings, there is a possible way to add an auto-connect WiFi network without the user's... High Unreviewed
CVE-2021-39768 was published Mar 31, 2022
In WindowManager, there is a possible way to start a foreground activity from the background due... High Unreviewed
CVE-2021-39758 was published Mar 31, 2022
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and... Moderate Unreviewed
CVE-2022-23183 was published Apr 1, 2022
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require... High Unreviewed
CVE-2021-34543 was published Dec 8, 2021
ProTip! Advisories are also available from the GraphQL API