Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

327 advisories

Loading
The REST/JSON project 7.x-1.x for Drupal allows comment access bypass, aka SA-CONTRIB-2016-033.... Critical Unreviewed
CVE-2016-20002 was published May 24, 2022
The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033... Critical Unreviewed
CVE-2016-20005 was published May 24, 2022
An elevation of privilege vulnerability exists in the way Azure Functions validate access keys.An... Critical Unreviewed
CVE-2020-16904 was published May 24, 2022
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT... Critical Unreviewed
CVE-2020-12504 was published May 24, 2022
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT... Critical Unreviewed
CVE-2020-12500 was published May 24, 2022
An issue was discovered on LG mobile devices with Android OS 10 software. The lguicc software ... Critical Unreviewed
CVE-2020-25282 was published May 24, 2022
An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT... Critical Unreviewed
CVE-2020-25283 was published May 24, 2022
A vulnerability in the authorization controls for the Cisco IOx application hosting... Critical Unreviewed
CVE-2020-3227 was published May 24, 2022
Incorrect Authorization in Puppet Enterprise Pipeline Jenkins Plugin Critical
CVE-2019-10458 was published for org.jenkins-ci.plugins.workflow:puppet-enterprise-pipeline (Maven) May 24, 2022
westonsteimel
Credited to westonsteimel
OpenID Connect Issuer in LemonLDAP::NG 2.x through 2.0.5 may allow an attacker to bypass access... Critical Unreviewed
CVE-2019-15941 was published May 24, 2022
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin Critical
CVE-2019-10417 was published for io.fabric8.pipeline:kubernetes-pipeline-steps (Maven) May 24, 2022
westonsteimel
Credited to westonsteimel
Incorrect Authorization in Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin Critical
CVE-2019-10418 was published for io.fabric8.pipeline:kubernetes-pipeline-arquillian-steps (Maven) May 24, 2022
westonsteimel
Credited to westonsteimel
On STMicroelectronics STM32L0, STM32L1, STM32L4, STM32F4, STM32F7, and STM32H7 devices,... Critical Unreviewed
CVE-2019-14236 was published May 24, 2022
On NXP Kinetis KV1x, Kinetis KV3x, and Kinetis K8x devices, Flash Access Controls (FAC) (a... Critical Unreviewed
CVE-2019-14237 was published May 24, 2022
A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches... Critical Unreviewed
CVE-2019-1912 was published May 24, 2022
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an... Critical Unreviewed
CVE-2019-7304 was published May 24, 2022
Sandbox bypass in ontrack Jenkins Plugin Critical
CVE-2019-10306 was published for org.jenkins-ci.plugins:ontrack (Maven) May 24, 2022
westonsteimel
Credited to westonsteimel
Authorization bypass in Spring Security Critical
CVE-2022-22978 was published for org.springframework.security:spring-security-core (Maven) May 20, 2022
secjoker moon2263
Credited to secjoker and moon2263
An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network... Critical Unreviewed
CVE-2018-7245 was published May 13, 2022
In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the... Critical Unreviewed
CVE-2018-19515 was published May 13, 2022
The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports... Critical Unreviewed
CVE-2018-18815 was published May 13, 2022
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to... Critical Unreviewed
CVE-2018-13324 was published May 13, 2022
WebExtensions bundled with embedded experiments were not correctly checked for proper... Critical Unreviewed
CVE-2018-12369 was published May 13, 2022
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization... Critical Unreviewed
CVE-2018-1000155 was published May 13, 2022
** DISPUTED ** An issue was discovered in SMA Solar Technology products. A secondary... Critical Unreviewed
CVE-2017-9855 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database