Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,713
NuGet
661
pip
3,386
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,367 advisories

Loading
The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in... Moderate Unreviewed
CVE-2021-25097 was published Feb 2, 2022
Incorrect Authorization in calibreweb High
CVE-2022-0273 was published for calibreweb (pip) Jan 31, 2022
Missing Authorization in Crater Invoice Moderate
CVE-2022-0203 was published for bytefury/crater (Composer) Jan 27, 2022
Improper Access Control in snipe-it Moderate
CVE-2022-0178 was published for snipe/snipe-it (Composer) Jan 26, 2022
Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers... High Unreviewed
CVE-2022-0270 was published Jan 26, 2022
The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor... Moderate Unreviewed
CVE-2021-24733 was published Jan 25, 2022
The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib... High Unreviewed
CVE-2021-24906 was published Jan 25, 2022
Incorrect Default Permissions and Improper Access Control in snipe-it Moderate
CVE-2022-0179 was published for snipe/snipe-it (Composer) Jan 21, 2022
peertube is vulnerable to Improper Access Control Moderate Unreviewed
CVE-2022-0170 was published Jan 12, 2022
peertube is vulnerable to Improper Access Control High Unreviewed
CVE-2022-0133 was published Jan 11, 2022
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
BookStack is vulnerable to Improper Access Control. Moderate
CVE-2021-4119 was published for ssddanbrown/bookstack (Composer) Dec 16, 2021
snipe-it is vulnerable to Improper Access Control Moderate
CVE-2021-4089 was published for snipe/snipe-it (Composer) Dec 16, 2021
The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with... Moderate Unreviewed
CVE-2021-24845 was published Dec 14, 2021
The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user... Moderate Unreviewed
CVE-2021-24859 was published Dec 14, 2021
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to... High Unreviewed
CVE-2020-10627 was published Dec 2, 2021
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4026 was published for ssddanbrown/bookstack (Composer) Dec 1, 2021
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the... Moderate Unreviewed
CVE-2021-24703 was published Nov 24, 2021
Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation... High Unreviewed
CVE-2021-43019 was published Nov 24, 2021
Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a... Moderate Unreviewed
CVE-2021-26262 was published Nov 20, 2021
Incorrect Access Control in Ignition Critical
CVE-2021-43996 was published for facade/ignition (Composer) Nov 19, 2021
Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server Moderate
CVE-2021-22565 was published for github.com/google/exposure-notifications-verification-server (Go) Nov 10, 2021
sethvargo
Improper Access Control in jupyterhub-firstuseauthenticator Critical
CVE-2021-41194 was published for jupyterhub-firstuseauthenticator (pip) Oct 28, 2021
georgejhunt
Improper Access Control in github.com/treeverse/lakefs Moderate
GHSA-m836-gxwq-j2pm was published for github.com/treeverse/lakefs (Go) Oct 28, 2021
eden-ohana tdunlap607
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database