Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

327 advisories

Loading
D-Link DIR845L A1 contains a authentication vulnerability via an AUTHORIZED_GROUP=1 value, as... Critical Unreviewed
CVE-2022-36755 was published Aug 29, 2022
Openstack Keystone Incorrect Authorization vulnerability Critical
CVE-2021-3563 was published for keystone (pip) Aug 27, 2022
Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before... Critical Unreviewed
CVE-2022-25899 was published Aug 19, 2022
The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this... Critical Unreviewed
CVE-2022-37002 was published Aug 11, 2022
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails Critical
CVE-2022-35924 was published for next-auth (npm) Aug 2, 2022
aried3r feross
Credited to aried3r and feross
HashiCorp Vault and Vault Enterprise through 2022-07-17 have Incorrect Access Control. Critical Unreviewed
CVE-2022-36129 was published Jul 27, 2022
Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88... Critical Unreviewed
CVE-2022-1309 was published Jul 26, 2022
An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file ... Critical Unreviewed
CVE-2022-26479 was published Jul 18, 2022
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17.... Critical Unreviewed
CVE-2022-35890 was published Jul 16, 2022
Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created... Critical Unreviewed
CVE-2022-32294 was published Jul 12, 2022
On Ampere Altra and AltraMax devices before SRP 1.09, the the Altra reference design of UEFI... Critical Unreviewed
CVE-2022-32295 was published Jul 2, 2022
Improper Authorization in Apache Shiro Critical
CVE-2022-32532 was published for org.apache.shiro:shiro-core (Maven) Jun 30, 2022
Depending on the configuration of the route permission table in file 'saprouttab', it is possible... Critical Unreviewed
CVE-2022-27668 was published Jun 15, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web... Critical Unreviewed
CVE-2022-30309 was published Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x... Critical Unreviewed
CVE-2022-30310 was published Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x... Critical Unreviewed
CVE-2022-30311 was published Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web... Critical Unreviewed
CVE-2022-30308 was published Jun 14, 2022
Bonita Web 2021.2 is affected by a authentication/authorization bypass vulnerability due to an... Critical Unreviewed
CVE-2022-25237 was published Jun 3, 2022
An access control issue in Linglong v1.0 allows attackers to access the background of the... Critical Unreviewed
CVE-2022-29633 was published May 27, 2022
TrueStack Direct Connect 1.4.7 has Incorrect Access Control. Critical Unreviewed
CVE-2022-23775 was published May 26, 2022
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file... Critical Unreviewed
CVE-2021-42002 was published May 24, 2022
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is... Critical Unreviewed
CVE-2021-35368 was published May 24, 2022
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth,... Critical Unreviewed
CVE-2021-42837 was published May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21692 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21693 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database