Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,855 advisories

Loading
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group)... Moderate Unreviewed
CVE-2009-0034 was published May 2, 2022
The ACL plugin in Dovecot before 1.1.4 treats negative access rights as if they are positive... Moderate Unreviewed
CVE-2008-4577 was published May 2, 2022
Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE,... High Unreviewed
CVE-2008-3424 was published May 2, 2022
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes... Moderate Unreviewed
CVE-2008-0595 was published May 1, 2022
index.php in dirLIST before 0.1.1 allows remote attackers to list the contents of an excluded... Moderate Unreviewed
CVE-2007-3968 was published May 1, 2022
The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which... High Unreviewed
CVE-2007-2586 was published May 1, 2022
Incorrect Authorization in Getahead Direct Web Remoting High
CVE-2007-0184 was published for org.directwebremoting:dwr (Maven) May 1, 2022
Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying... High Unreviewed
CVE-2006-6679 was published May 1, 2022
Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world... Moderate Unreviewed
CVE-2005-2136 was published May 1, 2022
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before... Critical Unreviewed
CVE-2022-29906 was published Apr 30, 2022
Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A... High Unreviewed
CVE-2021-44595 was published Apr 30, 2022
Improper Authentication in moodle Moderate
CVE-2022-0985 was published for moodle/moodle (Composer) Apr 30, 2022
Missing authorization in Moodle Moderate
CVE-2022-0984 was published for moodle/moodle (Composer) Apr 30, 2022
USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an... High Unreviewed
CVE-2022-29935 was published Apr 30, 2022
Lexmark products through 2022-02-10 have Incorrect Access Control. High Unreviewed
CVE-2022-24935 was published Apr 29, 2022
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360... Critical Unreviewed
CVE-2022-29081 was published Apr 29, 2022
In this physical attack, an attacker may potentially exploit the Zynq-7000 SoC First Stage Boot... Moderate Unreviewed
CVE-2022-23822 was published Apr 28, 2022
Improper authorization in Keycloak Moderate
CVE-2022-1466 was published for org.keycloak:keycloak-core (Maven) Apr 27, 2022
Keycloak vulnerable to privilege escalation on Token Exchange feature Critical
CVE-2022-1245 was published for org.keycloak:keycloak-services (Maven) Apr 26, 2022
knutz3n kurt-r2c
Credited to knutz3n and kurt-r2c
cups (Common Unix Printing System) 'Listen localhost:631' option not honored correctly which... Moderate Unreviewed
CVE-2012-6094 was published Apr 23, 2022
trytond Incorrect Authorization vulnerability High
CVE-2012-2238 was published for trytond (pip) Apr 23, 2022
Tahoe-LAFS v1.3.0 through v1.8.2 could allow unauthorized users to delete immutable files in some... Moderate Unreviewed
CVE-2011-3617 was published Apr 22, 2022
An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the... High Unreviewed
CVE-2011-2726 was published Apr 22, 2022
Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow... Critical Unreviewed
CVE-2010-1435 was published Apr 21, 2022
IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read... Critical Unreviewed
CVE-2010-2548 was published Apr 21, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database