Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
1,998
Maven
5,000+
npm
3,710
NuGet
661
pip
3,364
Pub
11
RubyGems
885
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,363 advisories

Loading
Improper Access Control in librenms High
CVE-2022-0580 was published for librenms/librenms (Composer) Feb 16, 2022
Authorization bypass in Istio Moderate
CVE-2020-16844 was published for istio.io/istio (Go) Feb 15, 2022
Access Restriction Bypass in kubernetes High
CVE-2016-1905 was published for github.com/kubernetes/kubernetes (Go) Feb 15, 2022
Duplicate Advisory: Incorrect Access Control in github.com/nats-io/jwt and github.com/nats-io/nats-server/v2 High
GHSA-9r5x-fjv3-q6h4 was published for github.com/nats-io/jwt (Go) Feb 15, 2022 withdrawn
Istio may not check inbound TCP connections against istio-policy High
CVE-2019-12243 was published for istio.io/istio (Go) Feb 15, 2022
Unrestricted Upload of File with Dangerous Type in Drupal core Critical
CVE-2020-13675 was published for drupal/core (Composer) Feb 12, 2022
Incorrect Authorization in Drupal core Moderate
CVE-2020-13676 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
Drupal core access bypass vulnerability High
CVE-2020-13677 was published for drupal/core (Composer) Feb 12, 2022
Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12)... Moderate Unreviewed
CVE-2022-23433 was published Feb 12, 2022
An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to... Moderate Unreviewed
CVE-2022-23994 was published Feb 12, 2022
An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a... Moderate Unreviewed
CVE-2022-24924 was published Feb 12, 2022
Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China... Low Unreviewed
CVE-2022-24923 was published Feb 12, 2022
An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111... High Unreviewed
CVE-2022-21825 was published Feb 11, 2022
After the initial setup process, some steps of setup.php file are reachable not only by super... Moderate Unreviewed
CVE-2022-23134 was published Feb 9, 2022
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its... Moderate Unreviewed
CVE-2021-24839 was published Feb 8, 2022
The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron-manager-pro WordPress... Moderate Unreviewed
CVE-2021-25084 was published Feb 8, 2022
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF... Moderate Unreviewed
CVE-2021-24993 was published Feb 8, 2022
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and... High Unreviewed
CVE-2021-25095 was published Feb 8, 2022
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a... Moderate Unreviewed
CVE-2022-21816 was published Feb 8, 2022
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper... Moderate Unreviewed
CVE-2022-21813 was published Feb 8, 2022
Limited ability to spoof SAML authentication with missing audience verification in Fleet Moderate
CVE-2022-23600 was published for github.com/fleetdm/fleet/v4 (Go) Feb 7, 2022
iangcarroll
The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in... Moderate Unreviewed
CVE-2021-25097 was published Feb 2, 2022
Incorrect Authorization in calibreweb High
CVE-2022-0273 was published for calibreweb (pip) Jan 31, 2022
Missing Authorization in Crater Invoice Moderate
CVE-2022-0203 was published for bytefury/crater (Composer) Jan 27, 2022
Improper Access Control in snipe-it Moderate
CVE-2022-0178 was published for snipe/snipe-it (Composer) Jan 26, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database