Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,871
Erlang
37
GitHub Actions
36
Go
2,504
Maven
5,000+
npm
4,149
NuGet
735
pip
3,949
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

567 advisories

Loading
In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from... Moderate Unreviewed
CVE-2021-39892 was published Jan 19, 2022
An issue was discovered in Delta RM 1.2. Using the /risque/risque/ajax-details endpoint, with a... Moderate Unreviewed
CVE-2021-44838 was published Jan 19, 2022
The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any... Moderate Unreviewed
CVE-2021-1037 was published Jan 15, 2022
In gre_handle_offloads of ip_gre.c, there is a possible page fault due to an invalid memory... Moderate Unreviewed
CVE-2021-39633 was published Jan 15, 2022
In SAP NetWeaver AS for ABAP and ABAP Platform - versions 701, 702, 711, 730, 731, 740, 750, 751,... Moderate Unreviewed
CVE-2021-42067 was published Jan 15, 2022
Lack of validation for third party application accessing the service can lead to information... Moderate Unreviewed
CVE-2021-30314 was published Jan 14, 2022
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs Moderate
CVE-2022-20620 was published for org.jenkins-ci.plugins:ssh-agent (Maven) Jan 13, 2022
westonsteimel
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 as well as IBM Rational Team Concert 6... Moderate Unreviewed
CVE-2021-29701 was published Jan 12, 2022
Windows GDI+ Information Disclosure Vulnerability. This CVE ID is unique from CVE-2022-21880. Moderate Unreviewed
CVE-2022-21915 was published Jan 12, 2022
Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability. Moderate Unreviewed
CVE-2022-21964 was published Jan 12, 2022
The affected product is vulnerable to an improper access control, which may allow an... Moderate Unreviewed
CVE-2021-23173 was published Jan 11, 2022
In Beaver Builder through 2.5.0.3, attackers can bypass the visibility controls protection... Moderate Unreviewed
CVE-2021-42748 was published Jan 11, 2022
In Beaver Themer, attackers can bypass conditional logic controls (for hiding content) when... Moderate Unreviewed
CVE-2021-42749 was published Jan 11, 2022
SQL Injection in Apache Kylin Moderate
CVE-2021-36774 was published for org.apache.kylin:kylin (Maven) Jan 8, 2022
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
Improper handling of resource allocation in virtual machines can lead to information exposure in... Moderate Unreviewed
CVE-2021-1918 was published Jan 4, 2022
Telephony application has a Exposure of Sensitive Information to an Unauthorized Actor... Moderate Unreviewed
CVE-2021-39980 was published Jan 4, 2022
Certain NETGEAR devices are affected by an attacker's ability to read arbitrary files. This... Moderate Unreviewed
CVE-2021-45494 was published Dec 27, 2021
Inappropriate implementation in cache in Google Chrome prior to 96.0.4664.45 allowed a remote... Moderate Unreviewed
CVE-2021-38009 was published Dec 24, 2021
This issue was addressed with a new entitlement. This issue is fixed in macOS Mojave 10.14.6,... Moderate Unreviewed
CVE-2019-8702 was published Dec 24, 2021
A local file inclusion vulnerability exists in the Web Manager Applications and FsBrowse... Moderate Unreviewed
CVE-2021-21878 was published Dec 23, 2021
Malicious Atomix node queries expose sensitive information Moderate
CVE-2020-35215 was published for io.atomix:atomix (Maven) Dec 17, 2021
KNIME Server before 4.12.6 and 4.13.x before 4.13.4 (when installed in unattended mode) keeps the... Moderate Unreviewed
CVE-2021-45097 was published Dec 17, 2021
Visual Basic for Applications Information Disclosure Vulnerability Moderate Unreviewed
CVE-2021-42295 was published Dec 16, 2021
Microsoft Local Security Authority Server (lsasrv) Information Disclosure Vulnerability Moderate Unreviewed
CVE-2021-43216 was published Dec 16, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database