Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

327 advisories

Loading
White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php,... Critical Unreviewed
CVE-2020-20466 was published May 24, 2022
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check. Critical Unreviewed
CVE-2021-30192 was published May 24, 2022
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 ... Critical Unreviewed
CVE-2021-28799 was published May 24, 2022
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive... Critical Unreviewed
CVE-2021-20538 was published May 24, 2022
Drupal Core Access bypass vulnerability Critical
CVE-2020-13665 was published for drupal/core (Composer) May 24, 2022
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where... Critical Unreviewed
CVE-2021-28793 was published May 24, 2022
The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code... Critical Unreviewed
CVE-2021-30503 was published May 24, 2022
A ZTE product is impacted by improper access control vulnerability. The attacker could exploit... Critical Unreviewed
CVE-2021-21730 was published May 24, 2022
An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation... Critical Unreviewed
CVE-2020-28872 was published May 24, 2022
Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote... Critical Unreviewed
CVE-2020-24264 was published May 24, 2022
LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP... Critical Unreviewed
CVE-2021-21484 was published May 24, 2022
Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret... Critical Unreviewed
CVE-2020-28050 was published May 24, 2022
WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password. Critical Unreviewed
CVE-2021-3332 was published May 24, 2022
Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component... Critical Unreviewed
CVE-2019-11684 was published May 24, 2022
Mobile application "Testes de Codigo" 11.4 and prior allows an attacker to gain access to the... Critical Unreviewed
CVE-2021-25648 was published May 24, 2022
NeDi 1.9C allows an authenticated user to inject PHP code in the System Files function on the... Critical Unreviewed
CVE-2021-26753 was published May 24, 2022
An issue was discovered on FiberHome HG6245D devices through RP2613. It is possible to bypass... Critical Unreviewed
CVE-2021-27177 was published May 24, 2022
An issue was discovered in Epikur before 20.1.1. The Epikur server contains the checkPasswort()... Critical Unreviewed
CVE-2020-10539 was published May 24, 2022
PacsOne Server (PACS Server In One Box) below 7.1.1 is affected by incorrect access control,... Critical Unreviewed
CVE-2020-29165 was published May 24, 2022
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this... Critical Unreviewed
CVE-2020-2506 was published May 24, 2022
The vulnerability have been reported to affect earlier versions of QTS. If exploited, this... Critical Unreviewed
CVE-2020-2507 was published May 24, 2022
A library index page in NuPoint Messenger in Mitel MiCollab before 9.2 FP1 could allow an... Critical Unreviewed
CVE-2020-35547 was published May 24, 2022
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It... Critical Unreviewed
CVE-2020-35951 was published May 24, 2022
The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE... Critical Unreviewed
CVE-2016-20001 was published May 24, 2022
The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033.... Critical Unreviewed
CVE-2016-20004 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database