GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,005 advisories
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality....
High | Unreviewed | CVE-2022-29855 was published May 12, 2022

Incorrect Authorization in Getahead Direct Web Remoting
High | CVE-2007-0184 was published for org.directwebremoting:dwr (Maven) May 1, 2022

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by...
High | Unreviewed | CVE-2021-28501 was published Jan 15, 2022

Improper Privilege Management in Apache Hadoop
High | CVE-2020-9492 was published for org.apache.hadoop:hadoop-common (Maven) Feb 9, 2022

Resource Exhaustion in Spring Security
High | CVE-2021-22119 was published for org.springframework.security:spring-security-core (Maven) Jul 2, 2021

A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12)...
High | Unreviewed | CVE-2022-29854 was published May 14, 2022

Any logged in user could edit any other logged in user.
High | CVE-2021-29452 was published for @curveball/a12n-server (npm) Apr 19, 2021

The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an...
High | Unreviewed | CVE-2021-3006 was published May 24, 2022

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.0.0...
High | Unreviewed | CVE-2021-27306 was published May 24, 2022

Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote...
High | Unreviewed | CVE-2021-20670 was published May 24, 2022

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without...
High | Unreviewed | CVE-2020-26557 was published May 24, 2022

The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access...
High | Unreviewed | CVE-2021-32460 was published May 24, 2022

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security...
High | Unreviewed | CVE-2020-4495 was published May 24, 2022

Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage.
High | Unreviewed | CVE-2021-25417 was published May 24, 2022

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all...
High | Unreviewed | CVE-2021-27474 was published Mar 24, 2022

The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to...
High | Unreviewed | CVE-2021-29658 was published May 24, 2022

TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible...
High | Unreviewed | CVE-2021-30127 was published May 24, 2022

Incorrect access control in zam64.sys, zam32.sys in MalwareFox AntiMalware 2.74.0.150 allows a...
High | Unreviewed | CVE-2021-31728 was published May 24, 2022

Under certain conditions, SAP Business One Chef cookbook, version - 9.2, 9.3, 10.0, used to...
High | Unreviewed | CVE-2021-27613 was published May 24, 2022

There is an Improper Access Control vulnerability in Huawei Smartphone. Successful exploitation...
High | Unreviewed | CVE-2021-22334 was published May 24, 2022

D-Link DIR-2640-US 1.01B04 is vulnerable to Incorrect Access Control. Router ac2600 (dir-2640-us)...
High | Unreviewed | CVE-2021-34203 was published May 24, 2022

An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1...
High | Unreviewed | CVE-2021-25412 was published May 24, 2022

An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink...
High | Unreviewed | CVE-2021-25374 was published May 24, 2022

Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99...
High | Unreviewed | CVE-2021-3512 was published May 24, 2022

In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns...
High | Unreviewed | CVE-2020-22784 was published May 24, 2022