GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
1,684 advisories
Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0,...
Moderate | Unreviewed | CVE-2020-29138 was published May 24, 2022

An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does not avoid acquiring a...
Moderate | Unreviewed | CVE-2020-29561 was published May 24, 2022

Missing permission checks in Jenkins openstack-heat Plugin
Moderate | CVE-2022-36912 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022

The developer page about:memory has a Measure function for exploring what object types the...
Moderate | Unreviewed | CVE-2021-23975 was published May 24, 2022

In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the...
Moderate | Unreviewed | CVE-2022-23055 was published Jun 23, 2022

The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization...
Moderate | Unreviewed | CVE-2022-38367 was published Sep 6, 2022

The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX...
Moderate | Unreviewed | CVE-2022-2376 was published Sep 6, 2022

The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have...
Moderate | Unreviewed | CVE-2022-2543 was published Sep 6, 2022

The BW Database Interface does not perform necessary authorization checks for an authenticated...
Moderate | Unreviewed | CVE-2021-21468 was published May 24, 2022

An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by...
Moderate | Unreviewed | CVE-2021-32917 was published May 24, 2022

An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php...
Moderate | Unreviewed | CVE-2020-29604 was published May 24, 2022

SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an...
Moderate | Unreviewed | CVE-2021-27609 was published May 24, 2022

The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the...
Moderate | Unreviewed | CVE-2021-25013 was published Jan 25, 2022

In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high...
Moderate | Unreviewed | CVE-2021-32015 was published May 24, 2022

The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an...
Moderate | Unreviewed | CVE-2021-32093 was published May 24, 2022

The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the...
Moderate | Unreviewed | CVE-2021-24968 was published Jan 25, 2022

The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF...
Moderate | Unreviewed | CVE-2021-24993 was published Feb 8, 2022

Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows
Moderate | Unreviewed | CVE-2020-13938 was published May 24, 2022

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command...
Moderate | Unreviewed | CVE-2021-23204 was published May 24, 2022

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1,...
Moderate | Unreviewed | CVE-2020-29621 was published May 24, 2022

In getAllPackages of PackageManagerService, there is a possible information disclosure due to a...
Moderate | Unreviewed | CVE-2021-0521 was published May 24, 2022

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2....
Moderate | Unreviewed | CVE-2021-30155 was published May 24, 2022

SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization...
Moderate | Unreviewed | CVE-2021-27605 was published May 24, 2022

A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent...
Moderate | Unreviewed | CVE-2020-10701 was published May 24, 2022

SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751,...
Moderate | Unreviewed | CVE-2021-21473 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API