Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,121
NuGet
735
pip
3,942
Pub
12
RubyGems
945
Rust
1,018
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,005 advisories

Loading
A flaw was found in Quarkus. The state and potentially associated permissions can leak from one... High Unreviewed
CVE-2022-0981 was published Mar 24, 2022
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all... High Unreviewed
CVE-2021-27474 was published Mar 24, 2022
Incorrect Authorization in imgcrypt High
CVE-2022-24778 was published for github.com/containerd/imgcrypt (Go) Mar 28, 2022
dimitar-dimitrow
An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy... High Unreviewed
CVE-2021-3456 was published Mar 31, 2022
In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing... High Unreviewed
CVE-2021-39790 was published Mar 31, 2022
In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission... High Unreviewed
CVE-2022-20002 was published Mar 31, 2022
In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This... High Unreviewed
CVE-2021-39789 was published Mar 31, 2022
In PackageManager, there is a possible way to change the splash screen theme of other apps due to... High Unreviewed
CVE-2021-39750 was published Mar 31, 2022
In WindowManager, there is a possible way to start non-exported and protected activities due to a... High Unreviewed
CVE-2021-39749 was published Mar 31, 2022
In PackageManager, there is a possible way to update the last usage time of another package due... High Unreviewed
CVE-2021-39743 was published Mar 31, 2022
Incorrect access control in NexusPHP 1.5.beta5.20120707 allows unauthorized attackers to access... High Unreviewed
CVE-2020-24771 was published Mar 31, 2022
Access Control vulnerability in Dolibarr High
CVE-2021-37517 was published for dolibarr/dolibarr (Composer) Apr 1, 2022
Rockwell Automation FactoryTalk Services Platform v6.11 and earlier, if FactoryTalk Security is... High Unreviewed
CVE-2021-32960 was published Apr 3, 2022
On Arista Strata family products which have “TCAM profile” feature enabled when Port IPv4 access... High Unreviewed
CVE-2021-28504 was published Apr 3, 2022
Xerox ColorQube 8580 was discovered to contain an access control issue which allows attackers to... High Unreviewed
CVE-2022-26572 was published Apr 5, 2022
Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY allows attackers to... High Unreviewed
CVE-2022-25584 was published Apr 6, 2022
A vulnerability in the Common Execution Environment (CEE) ConfD CLI of Cisco Ultra Cloud Core -... High Unreviewed
CVE-2022-20762 was published Apr 7, 2022
An unauthorized file creation vulnerability in Telesquare TLR-2855KS6 via PUT method can allow... High Unreviewed
CVE-2021-46418 was published Apr 8, 2022
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker... High Unreviewed
CVE-2022-28776 was published Apr 12, 2022
Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to... High Unreviewed
CVE-2022-27838 was published Apr 12, 2022
A permission bypass vulnerability exists when the NFC CAs access the TEE.Successful exploitation... High Unreviewed
CVE-2022-22254 was published Apr 12, 2022
An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS... High Unreviewed
CVE-2021-37292 was published Apr 12, 2022
The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper... High Unreviewed
CVE-2022-0920 was published Apr 12, 2022
Untrusted users can modify some Pipeline libraries in Jenkins Pipeline: Deprecated Groovy Libraries Plugin High
CVE-2022-29047 was published for org.jenkins-ci.plugins.workflow:workflow-cps-global-lib (Maven) Apr 13, 2022
NotMyFault
In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a... High Unreviewed
CVE-2021-0694 was published Apr 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database