GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,477

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

175 advisories

Filter by severity

Sort by

Least recently updated

Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of... Critical Unreviewed

CVE-2021-45878 was published Mar 22, 2022

Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected... Critical Unreviewed

CVE-2022-24595 was published Mar 19, 2022

taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line... Critical Unreviewed

CVE-2021-45015 was published Dec 15, 2021

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an... Critical Unreviewed

CVE-2021-27856 was published Dec 16, 2021

Hospital Management System v1.0 was discovered to lack an authorization component, allowing... Critical Unreviewed

CVE-2022-26546 was published Apr 1, 2022

There is an improper verification vulnerability in smartphones. Successful exploitation of this... Critical Unreviewed

CVE-2021-22448 was published Feb 26, 2022

An exploitable unsafe default configuration vulnerability exists in the TURN server function of... Critical Unreviewed

CVE-2018-4059 was published May 13, 2022

A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could... Critical Unreviewed

CVE-2020-4926 was published May 25, 2022

Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5... Critical Unreviewed

CVE-2020-36239 was published May 24, 2022

An arbitrary file deletion vulnerability in rConfig 3.9.5 has been fixed for 3.9.6. This... Critical Unreviewed

CVE-2020-25359 was published May 24, 2022

File Deletion vulnerability in Halo 0.4.3 via delBackup. Critical Unreviewed

CVE-2020-19038 was published May 24, 2022

It has been discovered that redhat-certification does not perform an authorization check and it... Critical Unreviewed

CVE-2018-10866 was published May 24, 2022

LRM does not implement authentication or authorization by default. A malicious actor can inject,... Critical Unreviewed

CVE-2022-1521 was published Jun 25, 2022

An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily... Critical Unreviewed

CVE-2020-20944 was published Dec 28, 2021

Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain... Critical Unreviewed

CVE-2022-35293 was published Aug 11, 2022

IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an... Critical Unreviewed

CVE-2020-4499 was published May 24, 2022

In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system.... Critical Unreviewed

CVE-2019-19885 was published May 24, 2022

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to... Critical Unreviewed

CVE-2020-26823 was published May 24, 2022

Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting... Critical Unreviewed

CVE-2020-11856 was published May 24, 2022

MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php... Critical Unreviewed

CVE-2020-29006 was published May 24, 2022

A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older),... Critical Unreviewed

CVE-2020-28215 was published May 24, 2022

A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s):... Critical Unreviewed

CVE-2020-7124 was published May 24, 2022

An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is... Critical Unreviewed

CVE-2020-29551 was published May 24, 2022

wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain... Critical Unreviewed

CVE-2020-28036 was published May 24, 2022

The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by... Critical Unreviewed

CVE-2020-35219 was published May 24, 2022

Previous 1 2 3 4 5 6 7 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

175 advisories