GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,781 advisories
Incorrect Authorization in Undertow
Moderate | CVE-2017-12196 was published for io.undertow:undertow-core (Maven) | May 13, 2022

Incorrect Authorization in Jenkins
Moderate | CVE-2018-1999047 was published for org.jenkins-ci.main:jenkins-core (Maven) | May 13, 2022

The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not...
Moderate | Unreviewed | CVE-2022-24189 was published | Nov 29, 2022

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by...
High | Unreviewed | CVE-2021-28501 was published | Jan 15, 2022

An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip...
Critical | Unreviewed | CVE-2021-28506 was published | Jan 15, 2022

Improper Privilege Management in Apache Hadoop
High | CVE-2020-9492 was published for org.apache.hadoop:hadoop-common (Maven) | Feb 9, 2022

Resource Exhaustion in Spring Security
High | CVE-2021-22119 was published for org.springframework.security:spring-security-core (Maven) | Jul 2, 2021

Incorrect Authorization in Jenkins Git Plugin
Moderate | CVE-2018-1000110 was published for org.jenkins-ci.plugins:git (Maven) | May 13, 2022

A vulnerability in Mitel 6900 Series IP (MiNet) phones excluding 6970, versions 1.8 (1.8.0.12)...
High | Unreviewed | CVE-2022-29854 was published | May 14, 2022

Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be...
Moderate | Unreviewed | CVE-2022-28774 was published | May 12, 2022

IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 7.0.3.0, and 7.0.4.0 could allow an authenticated...
Moderate | Unreviewed | CVE-2020-4482 was published | May 24, 2022

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS) and...
Moderate | Unreviewed | CVE-2021-25229 was published | May 24, 2022

Users are able to read group conversations without actively taking part in them. Next to one to...
Moderate | Unreviewed | CVE-2021-27772 was published | May 13, 2022

An improper access control vulnerability in Worry-Free Business Security 10.0 SP1 could allow an...
Moderate | Unreviewed | CVE-2021-25244 was published | May 24, 2022

Improper access control vulnerability in SolarView Compact SV-CPT-MC310 prior to Ver.6.5 allows...
Moderate | Unreviewed | CVE-2021-20657 was published | May 24, 2022

An improper access control vulnerability in FortiProxy SSL VPN portal 2.0.0, 1.2.9 and below...
Moderate | Unreviewed | CVE-2021-22128 was published | May 24, 2022

GitLab before version 13.3.4 was vulnerable to an OAuth authorization scope change without user...
Moderate | Unreviewed | CVE-2020-13300 was published | May 24, 2022

An issue was discovered in Hyland OnBase through 18.0.0.32 and 19.x through 19.8.9.1000. Client...
Moderate | Unreviewed | CVE-2020-25251 was published | May 24, 2022

Any logged in user could edit any other logged in user.
High | CVE-2021-29452 was published for @curveball/a12n-server (npm) | Apr 19, 2021

Duplicate advisory: Configuration exposure in github.com/coreos/ignition
Moderate | GHSA-mjqc-5c9x-xfcc was published for github.com/coreos/ignition/v2 (Go) | May 18, 2022 | withdrawn

NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode...
Moderate | Unreviewed | CVE-2021-1055 was published | May 24, 2022

An improper access control information disclosure vulnerability in Trend Micro Apex One, Apex One...
Moderate | Unreviewed | CVE-2021-25246 was published | May 24, 2022

An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is...
Moderate | Unreviewed | CVE-2020-11753 was published | May 24, 2022

Improper Authorization vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to...
Moderate | Unreviewed | CVE-2020-7300 was published | May 24, 2022

WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.
Critical | Unreviewed | CVE-2021-3332 was published | May 24, 2022