Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,039
Erlang
29
GitHub Actions
18
Go
1,864
Maven
5,000+
npm
3,587
NuGet
636
pip
3,176
Pub
10
RubyGems
852
Rust
805
Swift
34
Unreviewed advisories
All unreviewed
5,000+

477 advisories

An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables... Moderate Unreviewed
CVE-2022-0027 was published May 12, 2022
Privilege escalation for users with create/update permissions in Global Roles in Rancher Moderate
CVE-2021-36784 was published for github.com/rancher/rancher (Go) May 2, 2022
Write access to the catalog for any user when restricted-admin role is enabled in Rancher High
CVE-2021-4200 was published for github.com/rancher/rancher (Go) May 2, 2022
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level... High Unreviewed
CVE-2021-43939 was published Apr 29, 2022
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows... Critical Unreviewed
CVE-2022-0993 was published Apr 20, 2022
go.etcd.io/etcd Authentication Bypass High
CVE-2018-16886 was published for go.etcd.io/etcd (Go) Apr 12, 2022
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker... High Unreviewed
CVE-2022-28776 was published Apr 12, 2022
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. Moderate Unreviewed
CVE-2022-0821 was published Mar 12, 2022
Duplicate Advisory: Improper Authorization in Gogs High
GHSA-65f3-3278-7m65 was published for gogs.io/gogs (Go) Mar 12, 2022 withdrawn
Improper Authorization in cobbler High
CVE-2022-0860 was published for cobbler (pip) Mar 11, 2022
ysf
Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. Moderate Unreviewed
CVE-2022-0756 was published Mar 8, 2022
Improper Authorization in GitHub repository webmin/webmin prior to 1.990. High Unreviewed
CVE-2022-0829 was published Mar 3, 2022
Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. Moderate Unreviewed
CVE-2022-0726 was published Feb 24, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... Critical Unreviewed
CVE-2022-21196 was published Feb 19, 2022
Improper Authorization in librenms High
CVE-2022-0587 was published for librenms/librenms (Composer) Feb 16, 2022
Reject unauthorized access with GitHub PATs High
CVE-2021-21432 was published for github.com/go-vela/server (Go) Feb 15, 2022
JordanSussman
Arbitrary File Override in Docker Engine Moderate
CVE-2015-3631 was published for github.com/docker/docker (Go) Feb 15, 2022
neersighted
Information Exposure in Docker Engine High
CVE-2015-3630 was published for github.com/docker/docker (Go) Feb 15, 2022
neersighted
Access Restriction Bypass in Docker Moderate
CVE-2014-6408 was published for github.com/docker/docker (Go) Feb 15, 2022
Arbitrary Code Execution High
CVE-2014-9357 was published for github.com/docker/docker (Go) Feb 15, 2022
Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers... Moderate Unreviewed
CVE-2022-24002 was published Feb 12, 2022
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by... High Unreviewed
CVE-2021-28500 was published Jan 15, 2022
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to... Low Unreviewed
CVE-2022-22272 was published Jan 11, 2022
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app... High Unreviewed
CVE-2022-22288 was published Jan 11, 2022
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to... High Unreviewed
CVE-2021-24739 was published Dec 22, 2021
ProTip! Advisories are also available from the GraphQL API