Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,337 advisories

Loading
An issue was discovered in Joomla! before 3.9.17. Incorrect ACL checks in the access level... Moderate Unreviewed
CVE-2020-11889 was published May 24, 2022
An issue was discovered in Sonatype Nexus Repository Manager in versions 3.21.1 and 3.22.0. It is... Moderate Unreviewed
CVE-2020-11753 was published May 24, 2022
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or... Moderate Unreviewed
CVE-2020-3952 was published May 24, 2022
An improper authorization vulnerability in FortiADC may allow a remote authenticated user with... Moderate Unreviewed
CVE-2020-9286 was published May 24, 2022
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images. Moderate Unreviewed
CVE-2020-10952 was published May 24, 2022
HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P11) have an improper access... Moderate Unreviewed
CVE-2020-1800 was published May 24, 2022
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software.... Moderate Unreviewed
CVE-2020-10839 was published May 24, 2022
cs/service/account/AutoCompleteGal.java in Zimbra zm-mailbox before 8.8.15.p8 allows... Moderate Unreviewed
CVE-2020-10194 was published May 24, 2022
cPanel before 84.0.20 allows attackers to bypass intended restrictions on features and demo... Moderate Unreviewed
CVE-2020-10116 was published May 24, 2022
cPanel before 84.0.20 mishandles enforcement of demo checks in the Market UAPI namespace (SEC-542). Moderate Unreviewed
CVE-2020-10117 was published May 24, 2022
GitLab before 12.8.2 has Incorrect Access Control. It was internally discovered that the LFS... Moderate Unreviewed
CVE-2020-10081 was published May 24, 2022
In setBluetoothTethering of PanService.java, there is a possible permission bypass due to a... Moderate Unreviewed
CVE-2020-0085 was published May 24, 2022
In several functions of NotificationManagerService.java, there are missing permission checks.... Moderate Unreviewed
CVE-2020-0084 was published May 24, 2022
Missing permission checks in Mac Plugin Moderate
CVE-2020-2148 was published for fr.edf.jenkins.plugins:mac (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
The Avast AV parsing engine allows virus-detection bypass via a crafted ZIP archive. This affects... Moderate Unreviewed
CVE-2020-9399 was published May 24, 2022
This was addressed with additional checks by Gatekeeper on files mounted through a network share.... Moderate Unreviewed
CVE-2020-3866 was published May 24, 2022
The Software Development Kit of the MiContact Center Business with Site Based Security 8.0... Moderate Unreviewed
CVE-2020-9379 was published May 24, 2022
Insufficient policy enforcement in extensions in Google Chrome prior to 79.0.3945.130 allowed a... Moderate Unreviewed
CVE-2020-6380 was published May 24, 2022
A security feature bypass vulnerability exists in Surface Hub when prompting for credentials, aka... Moderate Unreviewed
CVE-2020-0702 was published May 24, 2022
When the Windows Logon Integration feature is configured for all versions of BIG-IP Edge Client... Moderate Unreviewed
CVE-2020-5855 was published May 24, 2022
In Kronos Web Time and Attendance (webTA) 3.8.x and later 3.x versions before 4.0, the com... Moderate Unreviewed
CVE-2020-8495 was published May 24, 2022
Memory usage graphs accessible to anyone with Overall/Read Moderate
CVE-2020-2104 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
An authorization issue was discovered in GitLab EE < 12.1.2, < 12.0.4, and < 11.11.6 allowing the... Moderate Unreviewed
CVE-2019-5474 was published May 24, 2022
The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip... Moderate Unreviewed
CVE-2020-5194 was published May 24, 2022
IBM Cognos Analytics 11.0 and 11.1 allows overly permissive cross-origin resource sharing which... Moderate Unreviewed
CVE-2019-4343 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database