GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,910 advisories
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows
Moderate
Unreviewed
CVE-2020-13938 was published May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command...
Moderate
Unreviewed
CVE-2021-23204 was published May 24, 2022
Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a...
Critical
Unreviewed
CVE-2021-26990 was published May 24, 2022
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise...
Critical
Unreviewed
CVE-2021-36888 was published Dec 16, 2021
The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the...
Moderate
Unreviewed
CVE-2021-24968 was published Jan 25, 2022
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF...
Moderate
Unreviewed
CVE-2021-24993 was published Feb 8, 2022
Istio before 1.8.6 and 1.9.x before 1.9.5, when a gateway is using the AUTO_PASSTHROUGH routing...
Critical
Unreviewed
CVE-2021-31921 was published May 24, 2022
SAP Payment Engine version 500, does not perform necessary authorization checks for an...
High
Unreviewed
CVE-2021-21487 was published May 24, 2022
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a...
Low
Unreviewed
CVE-2021-26988 was published May 24, 2022
The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an...
Moderate
Unreviewed
CVE-2021-32093 was published May 24, 2022
U.S. National Security Agency (NSA) Emissary 5.9.0 allows an authenticated user to delete...
High
Unreviewed
CVE-2021-32095 was published May 24, 2022
In onReceive of NetInitiatedActivity.java, there is a possible way to supply an attacker...
High
Unreviewed
CVE-2021-0547 was published May 24, 2022
In LabCup before <v2_next_18022, it is possible to use the save API to perform unauthorized...
Low
Unreviewed
CVE-2021-33031 was published May 24, 2022
In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high...
Moderate
Unreviewed
CVE-2021-32015 was published May 24, 2022
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the...
Moderate
Unreviewed
CVE-2021-25013 was published Jan 25, 2022
In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID,...
Low
Unreviewed
CVE-2021-25755 was published May 24, 2022
SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an...
Moderate
Unreviewed
CVE-2021-27609 was published May 24, 2022
An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php...
Moderate
Unreviewed
CVE-2020-29604 was published May 24, 2022
IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented...
Critical
Unreviewed
CVE-2020-4669 was published May 24, 2022
An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by...
Moderate
Unreviewed
CVE-2021-32917 was published May 24, 2022
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with...
Low
Unreviewed
CVE-2021-1755 was published May 24, 2022
On versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.3, and 14.1.x before 14.1.4, BIG-IP...
High
Unreviewed
CVE-2021-23014 was published May 24, 2022
Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote malicious attackers to...
High
Unreviewed
CVE-2020-18888 was published May 24, 2022
A vulnerability in exacqVision Web Service 20.12.2.0 and prior could allow an unauthenticated...
High
Unreviewed
CVE-2021-27656 was published May 24, 2022
The BW Database Interface does not perform necessary authorization checks for an authenticated...
Moderate
Unreviewed
CVE-2021-21468 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API