GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,780 advisories
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows...
CVE-2021-20625 (Moderate, Unreviewed) was published May 24, 2022

Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an...
CVE-2021-20624 (Moderate, Unreviewed) was published May 24, 2022

HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting...
CVE-2021-3153 (Moderate, Unreviewed) was published May 24, 2022

The breed function in the smart contract implementation for Farm in Seal Finance (Seal), an...
CVE-2021-3006 (High, Unreviewed) was published May 24, 2022

Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows...
CVE-2021-20633 (Moderate, Unreviewed) was published May 24, 2022

An improper access control vulnerability in the JWT plugin in Kong Gateway prior to 2.3.0.0...
CVE-2021-27306 (High, Unreviewed) was published May 24, 2022

Encoded URIs can access WEB-INF directory in Eclipse Jetty
CVE-2021-34429 (Moderate) was published for org.eclipse.jetty:jetty-webapp (Maven) Jul 19, 2021

An improper access control vulnerability in Trend Micro Apex One (on-prem and SaaS), OfficeScan...
CVE-2021-25228 (Moderate, Unreviewed) was published May 24, 2022

Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband...
CVE-2021-3511 (Moderate, Unreviewed) was published May 24, 2022

Improper access control vulnerability in NEC Aterm WG2600HS firmware Ver1.5.1 and earlier, and...
CVE-2021-20712 (Moderate, Unreviewed) was published May 24, 2022

Unconstrained Web access to the device's private encryption key in the QR code pairing mode in...
CVE-2021-27941 (Moderate, Unreviewed) was published May 24, 2022

The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation...
CVE-2021-24836 (Moderate, Unreviewed) was published Dec 14, 2021

bookstack is vulnerable to Improper Access Control
CVE-2021-4194 (Moderate) was published for ssddanbrown/bookstack (Composer) Jan 8, 2022

Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows...
CVE-2021-20626 (Moderate, Unreviewed) was published May 24, 2022

Improper access control vulnerability in GROWI versions v4.2.2 and earlier allows a remote...
CVE-2021-20670 (High, Unreviewed) was published May 24, 2022

Mesh Provisioning in the Bluetooth Mesh profile 1.0 and 1.0.1 may permit a nearby device (without...
CVE-2020-26557 (High, Unreviewed) was published May 24, 2022

The Trend Micro Maximum Security 2021 (v17) consumer product is vulnerable to an improper access...
CVE-2021-32460 (High, Unreviewed) was published May 24, 2022

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to bypass security...
CVE-2020-4495 (High, Unreviewed) was published May 24, 2022

Insufficient policy enforcement in Content Security Policy in Google Chrome prior to 91.0.4472.77...
CVE-2021-30531 (Moderate, Unreviewed) was published May 24, 2022

Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage.
CVE-2021-25417 (High, Unreviewed) was published May 24, 2022

Android WebView Universal Cross-site Scripting
CVE-2020-6506 (Moderate) was published for react-native-webview (npm) Oct 2, 2020

Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all...
CVE-2021-27474 (High, Unreviewed) was published Mar 24, 2022

The unofficial vscode-rufo extension before 0.0.4 for Visual Studio Code allows attackers to...
CVE-2021-29658 (High, Unreviewed) was published May 24, 2022

TerraMaster F2-210 devices through 2021-04-03 use UPnP to make the admin web server accessible...
CVE-2021-30127 (High, Unreviewed) was published May 24, 2022

This issue was addressed with improved checks to prevent unauthorized actions. This issue is...
CVE-2022-22663 (Moderate, Unreviewed) was published May 27, 2022

ProTip! Advisories are also available from the GraphQL API.