Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

2,256 advisories

Loading
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata. Critical Unreviewed
CVE-2022-26279 was published Mar 26, 2022
An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart... Moderate Unreviewed
CVE-2021-20290 was published Mar 26, 2022
An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen... Critical Unreviewed
CVE-2022-26629 was published Mar 25, 2022
Rockwell Automation FactoryTalk AssetCentre v10.00 and earlier does not properly restrict all... High Unreviewed
CVE-2021-27474 was published Mar 24, 2022
A flaw was found in Quarkus. The state and potentially associated permissions can leak from one... High Unreviewed
CVE-2022-0981 was published Mar 24, 2022
The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF... High Unreviewed
CVE-2021-24905 was published Mar 22, 2022
This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and... High Unreviewed
CVE-2022-22618 was published Mar 19, 2022
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed... High Unreviewed
CVE-2022-25364 was published Mar 18, 2022
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). Critical Unreviewed
CVE-2022-26501 was published Mar 18, 2022
IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an... Moderate Unreviewed
CVE-2021-38971 was published Mar 15, 2022
Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension... High Unreviewed
CVE-2022-24128 was published Mar 14, 2022
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a... High Unreviewed
CVE-2021-41850 was published Mar 13, 2022
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. Moderate Unreviewed
CVE-2022-0821 was published Mar 12, 2022
The public API error causes for the attacker to be able to bypass API access control. Critical Unreviewed
CVE-2022-23730 was published Mar 12, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the "... High Unreviewed
CVE-2021-42855 was published Mar 11, 2022
Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates... Critical Unreviewed
CVE-2022-24609 was published Mar 11, 2022
An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware... Moderate Unreviewed
CVE-2022-24930 was published Mar 11, 2022
Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022... High Unreviewed
CVE-2022-24931 was published Mar 11, 2022
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote... High Unreviewed
CVE-2022-25214 was published Mar 11, 2022
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote... Moderate Unreviewed
CVE-2022-25215 was published Mar 11, 2022
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business... Critical Unreviewed
CVE-2022-26143 was published Mar 11, 2022
The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1,... Moderate Unreviewed
CVE-2021-24824 was published Mar 8, 2022
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user... Moderate Unreviewed
CVE-2022-0442 was published Mar 8, 2022
Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. Moderate Unreviewed
CVE-2022-0756 was published Mar 8, 2022
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered... Moderate Unreviewed
CVE-2021-3658 was published Mar 4, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database