GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
325 advisories
Certain NETGEAR devices are affected by lack of access control at the function level. This...
Critical
Unreviewed
CVE-2021-38516
was published
May 24, 2022
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive...
Critical
Unreviewed
CVE-2020-18701
was published
May 24, 2022
Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021...
Critical
Unreviewed
CVE-2021-25437
was published
May 24, 2022
Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access...
Critical
Unreviewed
CVE-2021-37421
was published
May 24, 2022
An access control issue in Linglong v1.0 allows attackers to access the background of the...
Critical
Unreviewed
CVE-2022-29633
was published
May 27, 2022
There is a flaw in the code used to configure the internal gateway firewall when the gateway's...
Critical
Unreviewed
CVE-2020-12030
was published
May 24, 2022
Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and...
Critical
Unreviewed
CVE-2021-41873
was published
May 24, 2022
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth,...
Critical
Unreviewed
CVE-2021-42837
was published
May 24, 2022
ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure.
Critical
Unreviewed
CVE-2021-41591
was published
May 24, 2022
Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure.
Critical
Unreviewed
CVE-2021-41592
was published
May 24, 2022
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability...
Critical
Unreviewed
CVE-2021-20136
was published
May 24, 2022
Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed...
Critical
Unreviewed
CVE-2021-35943
was published
May 24, 2022
Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that...
Critical
Unreviewed
CVE-2021-3705
was published
May 24, 2022
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file...
Critical
Unreviewed
CVE-2021-42002
was published
May 24, 2022
Improper Authorization in Apache Shiro
Critical
CVE-2022-32532
was published
for
org.apache.shiro:shiro-core
(Maven)
Jun 30, 2022
On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI...
Critical
Unreviewed
CVE-2022-32295
was published
Jul 2, 2022
Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88...
Critical
Unreviewed
CVE-2022-1309
was published
Jul 26, 2022
An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file ...
Critical
Unreviewed
CVE-2022-26479
was published
Jul 18, 2022
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17....
Critical
Unreviewed
CVE-2022-35890
was published
Jul 16, 2022
The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this...
Critical
Unreviewed
CVE-2022-37002
was published
Aug 11, 2022
Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains a vulnerability which allows...
Critical
Unreviewed
CVE-2022-37176
was published
Aug 31, 2022
The mobile application in Transtek Mojodat FAM (Fixed Asset Management) 2.4.6 allows remote...
Critical
Unreviewed
CVE-2022-38768
was published
Sep 14, 2022
An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation...
Critical
Unreviewed
CVE-2020-28872
was published
May 24, 2022
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin
Critical
CVE-2019-10458
was published
for
org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline
(Maven)
May 24, 2022
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to...
Critical
Unreviewed
CVE-2021-38503
was published
Dec 9, 2021