GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,152
Erlang
30
GitHub Actions
19
Go
1,956
Maven
5,000+
npm
3,692
NuGet
652
pip
3,308
Pub
11
RubyGems
881
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
523 advisories
Filter by severity
Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3...
Critical
Unreviewed
CVE-2016-6825
was published
May 17, 2022
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting...
High
Unreviewed
CVE-2022-2536
was published
Dec 15, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP...
High
Unreviewed
CVE-2021-24188
was published
May 24, 2022
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level...
High
Unreviewed
CVE-2021-43939
was published
Apr 29, 2022
A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical...
High
Unreviewed
CVE-2022-4879
was published
Jan 6, 2023
An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to...
High
Unreviewed
CVE-2017-8409
was published
May 24, 2022
Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed
High
CVE-2022-4147
was published
for
io.quarkus:quarkus-vertx-http
(Maven)
Dec 6, 2022
A vulnerability, which was classified as problematic, has been found in Click Studios...
Moderate
Unreviewed
CVE-2022-3876
was published
Dec 19, 2022
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP...
Moderate
Unreviewed
CVE-2022-3187
was published
Dec 22, 2022
4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated...
Critical
Unreviewed
CVE-2021-42338
was published
May 24, 2022
The permission control of AIFU cashier management salary query function can be bypassed, thus...
Moderate
Unreviewed
CVE-2021-42337
was published
May 24, 2022
OpenFGA Authorization Bypass
High
CVE-2022-23542
was published
for
github.com/openfga/openfga
(Go)
Dec 20, 2022
XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference
High
CVE-2022-31167
was published
for
org.xwiki.platform:xwiki-platform-security
(Maven)
Sep 20, 2022
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in...
High
Unreviewed
CVE-2022-4701
was published
Jan 10, 2023
A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This...
Moderate
Unreviewed
CVE-2015-10033
was published
Jan 9, 2023
Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial...
Moderate
Unreviewed
CVE-2020-6311
was published
May 24, 2022
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT...
Critical
Unreviewed
CVE-2020-12500
was published
May 24, 2022
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017...
Moderate
Unreviewed
CVE-2020-24431
was published
May 24, 2022
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure...
High
Unreviewed
CVE-2020-27779
was published
May 24, 2022
Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged...
High
Unreviewed
CVE-2022-2661
was published
Aug 17, 2022
Malicious takeover of previously owned ENS names
High
CVE-2020-5232
was published
for
@ensdomains/ens
(npm)
Jan 30, 2020
A vulnerability was found in Moodle affecting 3.7 to 3.7.1, 3.6 to 3.6.5, 3.5 to 3.5.7 and...
Moderate
Unreviewed
CVE-2019-14828
was published
May 24, 2022
Missing permission checks in Jenkins Sounds Plugin allow OS command execution
High
CVE-2020-2097
was published
for
org.jenkins-ci.plugins:sounds
(Maven)
May 24, 2022
The wp_ajax_upload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34...
High
Unreviewed
CVE-2021-24311
was published
May 24, 2022
Improper Authorization in Jenkins Core
High
CVE-2019-1003004
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API