Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

271 advisories

Loading
In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization... High Unreviewed
CVE-2014-9950 was published May 17, 2022
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82,... High Unreviewed
CVE-2016-1711 was published May 17, 2022
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as... High Unreviewed
CVE-2016-1710 was published May 17, 2022
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and... High Unreviewed
CVE-2016-5676 was published May 17, 2022
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote... High Unreviewed
CVE-2015-3656 was published May 17, 2022
WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining... High Unreviewed
CVE-2016-4029 was published May 17, 2022
It was found that some selectivity estimation functions in PostgreSQL before 9.2.21, 9.3.x before... High Unreviewed
CVE-2017-7484 was published May 14, 2022
The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass... High Unreviewed
CVE-2013-7245 was published May 14, 2022
Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check... High Unreviewed
CVE-2016-3352 was published May 14, 2022
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS... High Unreviewed
CVE-2016-5420 was published May 14, 2022
Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions... High Unreviewed
CVE-2017-2689 was published May 13, 2022
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its... High Unreviewed
CVE-2016-7035 was published May 13, 2022
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions... High Unreviewed
CVE-2016-7071 was published May 13, 2022
A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA)... High Unreviewed
CVE-2018-15465 was published May 13, 2022
Pagure 3.3.0 and earlier is vulnerable to loss of confidentially due to improper authorization High Unreviewed
CVE-2017-1002151 was published May 13, 2022
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and... High Unreviewed
CVE-2016-1000219 was published May 13, 2022
Improper Authorization in Apache Xalan-Java High
CVE-2014-0107 was published for xalan:xalan (Maven) May 13, 2022
Improper Authorization in Jenkins Core High
CVE-2019-1003004 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Improper Authorization in Jenkins Core High
CVE-2019-1003003 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
sunSUNQ
Credited to sunSUNQ
Write access to the catalog for any user when restricted-admin role is enabled in Rancher High
CVE-2021-4200 was published for github.com/rancher/rancher (Go) May 2, 2022
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level... High Unreviewed
CVE-2021-43939 was published Apr 29, 2022
go.etcd.io/etcd Authentication Bypass High
CVE-2018-16886 was published for go.etcd.io/etcd (Go) Apr 12, 2022
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker... High Unreviewed
CVE-2022-28776 was published Apr 12, 2022
Duplicate Advisory: Improper Authorization in Gogs High
GHSA-65f3-3278-7m65 was published for gogs.io/gogs (Go) Mar 12, 2022 withdrawn
Improper Authorization in GitHub repository webmin/webmin prior to 1.990. High Unreviewed
CVE-2022-0829 was published Mar 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database