Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

52 advisories

Loading
Improper Authorization in Apache Shiro Critical
CVE-2022-32532 was published for org.apache.shiro:shiro-core (Maven) Jun 30, 2022
4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated... Critical Unreviewed
CVE-2021-42338 was published May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21693 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the... Critical Unreviewed
CVE-2021-41974 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Critical Unreviewed
CVE-2021-36029 was published May 24, 2022
Obsidian does not require user confirmation for non-http/https URLs. Critical
CVE-2021-38148 was published for obsidian (npm) May 24, 2022
Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to... Critical Unreviewed
CVE-2021-32523 was published May 24, 2022
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 ... Critical Unreviewed
CVE-2021-28799 was published May 24, 2022
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT... Critical Unreviewed
CVE-2020-12500 was published May 24, 2022
In WebAccess, versions 8.4.1 and prior, an improper authorization vulnerability may allow an... Critical Unreviewed
CVE-2019-13550 was published May 24, 2022
Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized... Critical Unreviewed
CVE-2018-14670 was published May 24, 2022
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches... Critical Unreviewed
CVE-2019-1912 was published May 24, 2022
Authorization bypass in Spring Security Critical
CVE-2022-22978 was published for org.springframework.security:spring-security-core (Maven) May 20, 2022
secjoker moon2263
Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3... Critical Unreviewed
CVE-2016-6825 was published May 17, 2022
EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which... Critical Unreviewed
CVE-2016-0922 was published May 17, 2022
Moxa OnCell G3100V2 devices before 2.8 and G3111, G3151, G3211, and G3251 devices before 1.7 do... Critical Unreviewed
CVE-2016-5799 was published May 17, 2022
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log... Critical Unreviewed
CVE-2016-10734 was published May 14, 2022
AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI... Critical Unreviewed
CVE-2015-5463 was published May 14, 2022
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and... Critical Unreviewed
CVE-2015-3954 was published May 13, 2022
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows... Critical Unreviewed
CVE-2022-0993 was published Apr 20, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C... Critical Unreviewed
CVE-2022-21196 was published Feb 19, 2022
Authorization bypass in Openshift Critical
CVE-2016-1906 was published for github.com/openshift/origin (Go) Dec 20, 2021
Deno's static imports inside dynamically imported modules do not adhere to permission checks Critical
CVE-2021-32619 was published for deno (Rust) Sep 23, 2021
nayeemrmn
Improper Authorization and Origin Validation Error in OneFuzz Critical
CVE-2021-37705 was published for onefuzz (pip) Aug 13, 2021
Improper Authorization in passport-cognito Critical
CVE-2019-19723 was published for passport-cognito (npm) Sep 4, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database