Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,684 advisories

Loading
Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0,... Moderate Unreviewed
CVE-2020-29138 was published May 24, 2022
An issue was discovered in SonicBOOM riscv-boom 3.0.0. For LR, it does not avoid acquiring a... Moderate Unreviewed
CVE-2020-29561 was published May 24, 2022
Missing permission checks in Jenkins openstack-heat Plugin Moderate
CVE-2022-36912 was published for org.jenkins-ci.plugins:openstack-heat (Maven) Jul 28, 2022
NotMyFault
The developer page about:memory has a Measure function for exploring what object types the... Moderate Unreviewed
CVE-2021-23975 was published May 24, 2022
In ERPNext, versions v11.0.0-beta through v13.0.2 are vulnerable to Missing Authorization, in the... Moderate Unreviewed
CVE-2022-23055 was published Jun 23, 2022
The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization... Moderate Unreviewed
CVE-2022-38367 was published Sep 6, 2022
The Directorist WordPress plugin before 7.3.1 discloses the email address of all users in an AJAX... Moderate Unreviewed
CVE-2022-2376 was published Sep 6, 2022
The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.18.0 does not have... Moderate Unreviewed
CVE-2022-2543 was published Sep 6, 2022
The BW Database Interface does not perform necessary authorization checks for an authenticated... Moderate Unreviewed
CVE-2021-21468 was published May 24, 2022
An issue was discovered in Prosody before 0.11.9. The proxy65 component allows open access by... Moderate Unreviewed
CVE-2021-32917 was published May 24, 2022
An issue was discovered in MantisBT before 2.24.4. A missing access check in bug_actiongroup.php... Moderate Unreviewed
CVE-2020-29604 was published May 24, 2022
SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an... Moderate Unreviewed
CVE-2021-27609 was published May 24, 2022
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the... Moderate Unreviewed
CVE-2021-25013 was published Jan 25, 2022
In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high... Moderate Unreviewed
CVE-2021-32015 was published May 24, 2022
The ConfigFileAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows an... Moderate Unreviewed
CVE-2021-32093 was published May 24, 2022
The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the... Moderate Unreviewed
CVE-2021-24968 was published Jan 25, 2022
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF... Moderate Unreviewed
CVE-2021-24993 was published Feb 8, 2022
Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows Moderate Unreviewed
CVE-2020-13938 was published May 24, 2022
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gallagher Command... Moderate Unreviewed
CVE-2021-23204 was published May 24, 2022
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1,... Moderate Unreviewed
CVE-2020-29621 was published May 24, 2022
In getAllPackages of PackageManagerService, there is a possible information disclosure due to a... Moderate Unreviewed
CVE-2021-0521 was published May 24, 2022
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.... Moderate Unreviewed
CVE-2021-30155 was published May 24, 2022
SAP's HCM Travel Management Fiori Apps V2, version - 608, does not perform proper authorization... Moderate Unreviewed
CVE-2021-27605 was published May 24, 2022
A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent... Moderate Unreviewed
CVE-2020-10701 was published May 24, 2022
SAP NetWeaver AS ABAP and ABAP Platform, versions - 700, 702, 710, 711, 730, 731, 740, 750, 751,... Moderate Unreviewed
CVE-2021-21473 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API