GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
325 advisories
An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics...
Critical | Unreviewed | CVE-2017-9653 was published May 13, 2022

OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization...
Critical | Unreviewed | CVE-2018-1000155 was published May 13, 2022

The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports...
Critical | Unreviewed | CVE-2018-18815 was published May 13, 2022

WebExtensions bundled with embedded experiments were not correctly checked for proper...
Critical | Unreviewed | CVE-2018-12369 was published May 13, 2022

In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the...
Critical | Unreviewed | CVE-2018-19515 was published May 13, 2022

Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to...
Critical | Unreviewed | CVE-2018-13324 was published May 13, 2022

An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network...
Critical | Unreviewed | CVE-2018-7245 was published May 13, 2022

Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an...
Critical | Unreviewed | CVE-2019-7304 was published May 24, 2022

Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN...
Critical | Unreviewed | CVE-2021-20149 was published Dec 31, 2021

A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services...
Critical | Unreviewed | CVE-2022-22157 was published Jan 20, 2022

A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services...
Critical | Unreviewed | CVE-2022-22167 was published Jan 20, 2022

IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized...
Critical | Unreviewed | CVE-2020-4877 was published Jan 22, 2022

Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not...
Critical | Unreviewed | CVE-2022-24307 was published Feb 10, 2022

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
Critical | Unreviewed | CVE-2022-21141 was published Feb 19, 2022

Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments
Critical | CVE-2022-0482 was published for alextselegidis/easyappointments (Composer) Mar 10, 2022

Access Control vulnerability within CoreNLP
Critical | CVE-2021-44550 was published for edu.stanford.nlp:stanford-corenlp (Maven) Feb 25, 2022

Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because...
Critical | Unreviewed | CVE-2022-24306 was published Mar 3, 2022

JWT audience claim is not verified
Critical | CVE-2023-22482 was published for github.com/argoproj/argo-cd (Go) Jan 25, 2023

It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform...
Critical | Unreviewed | CVE-2017-7470 was published May 13, 2022

An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can...
Critical | Unreviewed | CVE-2022-45172 was published Jan 31, 2023

Users with any cluster secret update access may update out-of-bounds cluster secrets
Critical | CVE-2023-23947 was published for github.com/argoproj/argo-cd (Go) Feb 16, 2023

In Boa, there is a possible escalation of privilege due to a missing permission check. This could...
Critical | Unreviewed | CVE-2021-31577 was published Feb 7, 2023

Privilege escalation in MOSN
Critical | CVE-2021-32163 was published for mosn.io/mosn (Go) Feb 17, 2023

An improper authorization vulnerability [CWE-285] in Fortinet FortiNAC version 9.4.0 through 9.4...
Critical | Unreviewed | CVE-2022-38375 was published Feb 16, 2023

TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control.
Critical | Unreviewed | CVE-2023-23064 was published Feb 18, 2023