Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,869
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,122
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,020
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,300 advisories

Loading
In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing... Moderate Unreviewed
CVE-2021-39742 was published Mar 31, 2022
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr... Moderate Unreviewed
CVE-2022-1177 was published Mar 31, 2022
Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on... Moderate Unreviewed
CVE-2022-26949 was published Mar 31, 2022
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to... Moderate Unreviewed
CVE-2021-38362 was published Apr 1, 2022
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7... Moderate Unreviewed
CVE-2022-0373 was published Apr 3, 2022
Improper access control in Gitlab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7... Moderate Unreviewed
CVE-2022-0390 was published Apr 3, 2022
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16. Moderate Unreviewed
CVE-2022-0406 was published Apr 4, 2022
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s):... Moderate Unreviewed
CVE-2022-23700 was published Apr 5, 2022
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide... Moderate Unreviewed
CVE-2022-27609 was published Apr 5, 2022
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to... Moderate Unreviewed
CVE-2022-27608 was published Apr 5, 2022
An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior... Moderate Unreviewed
CVE-2022-1105 was published Apr 5, 2022
Incorrect authorization in the Asana integration's branch restriction feature in all versions of... Moderate Unreviewed
CVE-2022-0740 was published Apr 5, 2022
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia... Moderate Unreviewed
CVE-2022-0837 was published Apr 5, 2022
The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing... Moderate Unreviewed
CVE-2022-0825 was published Apr 5, 2022
The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check... Moderate Unreviewed
CVE-2022-0404 was published Apr 5, 2022
Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6. Moderate Unreviewed
CVE-2022-1224 was published Apr 5, 2022
Improper Access Control in GitHub repository phpipam/phpipam prior to 1.4.6. Moderate Unreviewed
CVE-2022-1223 was published Apr 5, 2022
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local... Moderate Unreviewed
CVE-2022-28542 was published Apr 12, 2022
Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to... Moderate Unreviewed
CVE-2022-27575 was published Apr 12, 2022
Improper access control in GitLab CE/EE versions 10.7 prior to 14.7.7, 10.8 prior to 14.8.5, and... Moderate Unreviewed
CVE-2022-1193 was published Apr 12, 2022
Apache Subversion SVN authz protected copyfrom paths regression Subversion servers reveal ... Moderate Unreviewed
CVE-2021-28544 was published Apr 13, 2022
Improper access controls in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and... Moderate Unreviewed
CVE-2020-25160 was published Apr 15, 2022
Incorrect Authorization in cross-fetch Moderate
CVE-2022-1365 was published for cross-fetch (npm) Apr 17, 2022
cysp
OSIsoft PI Vision 2020 versions prior to 3.5.0 could disclose information to a user with... Moderate Unreviewed
CVE-2020-25167 was published Apr 19, 2022
Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some... Moderate Unreviewed
CVE-2011-3617 was published Apr 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database