Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

2,855 advisories

Loading
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed... High Unreviewed
CVE-2022-25364 was published Mar 18, 2022
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2). Critical Unreviewed
CVE-2022-26501 was published Mar 18, 2022
Improper Authorization in org.cometd.oort High
CVE-2022-24721 was published for org.cometd.java:cometd-java-oort (Maven) Mar 15, 2022
IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an... Moderate Unreviewed
CVE-2021-38971 was published Mar 15, 2022
Timescale TimescaleDB 1.x and 2.x before 2.5.2 may allow privilege escalation during extension... High Unreviewed
CVE-2022-24128 was published Mar 14, 2022
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a... High Unreviewed
CVE-2021-41850 was published Mar 13, 2022
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0. Moderate Unreviewed
CVE-2022-0821 was published Mar 12, 2022
Duplicate Advisory: Improper Authorization in Gogs High
GHSA-65f3-3278-7m65 was published for gogs.io/gogs (Go) Mar 12, 2022 withdrawn
The public API error causes for the attacker to be able to bypass API access control. Critical Unreviewed
CVE-2022-23730 was published Mar 12, 2022
Improper Authorization in cobbler Moderate
CVE-2022-0860 was published for cobbler (pip) Mar 11, 2022
ysf
Credited to ysf
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the "... High Unreviewed
CVE-2021-42855 was published Mar 11, 2022
Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates... Critical Unreviewed
CVE-2022-24609 was published Mar 11, 2022
An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware... Moderate Unreviewed
CVE-2022-24930 was published Mar 11, 2022
Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022... High Unreviewed
CVE-2022-24931 was published Mar 11, 2022
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote... Moderate Unreviewed
CVE-2022-25215 was published Mar 11, 2022
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote... High Unreviewed
CVE-2022-25214 was published Mar 11, 2022
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business... Critical Unreviewed
CVE-2022-26143 was published Mar 11, 2022
Duplicate Advisory: Incorrect Authorization in Gerapy Critical
CVE-2021-44597 was published for gerapy (pip) Mar 11, 2022 withdrawn
Incorrect Authentication in shopware Moderate
CVE-2022-24748 was published for shopware/core (Composer) Mar 10, 2022
Exposure of Private Personal Information to an Unauthorized Actor in alextselegidis/easyappointments Critical
CVE-2022-0482 was published for alextselegidis/easyappointments (Composer) Mar 10, 2022
The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1,... Moderate Unreviewed
CVE-2021-24824 was published Mar 8, 2022
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user... Moderate Unreviewed
CVE-2022-0442 was published Mar 8, 2022
Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5. Moderate Unreviewed
CVE-2022-0756 was published Mar 8, 2022
bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered... Moderate Unreviewed
CVE-2021-3658 was published Mar 4, 2022
Incorrect Authorization in @uppy/companion High
CVE-2022-0528 was published for @uppy/companion (npm) Mar 4, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database