Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,910 advisories

Loading
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, the lack of capability... Moderate Unreviewed
CVE-2021-24355 was published May 24, 2022
In the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, a lack of capability... High Unreviewed
CVE-2021-24356 was published May 24, 2022
Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers... Moderate Unreviewed
CVE-2022-30731 was published Jun 8, 2022
It has been discovered that redhat-certification does not perform an authorization check and... High Unreviewed
CVE-2018-10865 was published May 24, 2022
The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX... High Unreviewed
CVE-2022-1777 was published Jun 14, 2022
Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote... High Unreviewed
CVE-2021-1505 was published May 24, 2022
Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older initiate SSH... Moderate Unreviewed
CVE-2021-20989 was published May 24, 2022
The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access... High Unreviewed
CVE-2020-17517 was published May 24, 2022
The export_data function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4... High Unreviewed
CVE-2021-24352 was published May 24, 2022
An issue was discovered in Couchbase Server before 7.0.4. The Index Service does not enforce... High Unreviewed
CVE-2022-32557 was published Jun 15, 2022
Missing authorization vulnerability in the system components. Successful exploitation of this... Moderate Unreviewed
CVE-2022-31752 was published Jun 14, 2022
Go before 1.15.12 and 1.16.x before 1.16.5 acts as an Unintended Proxy or Intermediary. Moderate Unreviewed
CVE-2021-33197 was published May 24, 2022
The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as... Moderate Unreviewed
CVE-2022-0745 was published Jun 14, 2022
Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via... High Unreviewed
CVE-2021-37764 was published Jun 17, 2022
LRM does not implement authentication or authorization by default. A malicious actor can inject,... Critical Unreviewed
CVE-2022-1521 was published Jun 25, 2022
Affected devices do not properly authorize the change password function of the web interface.... High Unreviewed
CVE-2022-31765 was published Oct 11, 2022
WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a... High Unreviewed
CVE-2021-42359 was published May 24, 2022
There is an missing authorization issue in the system service. Since the component does not have... High Unreviewed
CVE-2022-20430 was published Oct 12, 2022
There is an missing authorization issue in the system service. Since the component does not have... High Unreviewed
CVE-2022-20431 was published Oct 12, 2022
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its... Moderate Unreviewed
CVE-2021-24839 was published Feb 8, 2022
A vulnerability in the web-based management interface of Cisco AppDynamics Controller Software... Moderate Unreviewed
CVE-2022-20736 was published Jun 16, 2022
Missing access control in the backup system of Telesoft VitalPBX before 3.2.1 allows attackers to... Moderate Unreviewed
CVE-2022-29330 was published Jun 25, 2022
There is an missing authorization issue in the system service. Since the component does not have... High Unreviewed
CVE-2022-20432 was published Oct 12, 2022
There is an missing authorization issue in the system service. Since the component does not have... High Unreviewed
CVE-2022-20434 was published Oct 12, 2022
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily... Critical Unreviewed
CVE-2020-20944 was published Dec 28, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database