Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,056
Swift
45
Unreviewed advisories
All unreviewed
5,000+

768 advisories

Loading
Bytebase allows low-privilege users to view admin projects Moderate
CVE-2022-32170 was published for github.com/bytebase/bytebase (Go) Sep 29, 2022
Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and... Critical Unreviewed
CVE-2022-39862 was published Oct 7, 2022
Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows... Moderate Unreviewed
CVE-2022-39873 was published Oct 7, 2022
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API High
CVE-2022-41672 was published for apache-airflow (pip) Oct 7, 2022
sunSUNQ
Credited to sunSUNQ
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control... Moderate Unreviewed
CVE-2022-34434 was published Oct 11, 2022
An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer... Moderate Unreviewed
CVE-2022-42961 was published Oct 15, 2022
Field-level access-control bypass for multiselect field Critical
CVE-2022-39322 was published for @keystone-6/core (npm) Oct 18, 2022
marekryb
Credited to marekryb
A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an... Moderate Unreviewed
CVE-2022-36454 was published Oct 25, 2022
A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow... High Unreviewed
CVE-2022-36453 was published Oct 25, 2022
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint Moderate
CVE-2022-39340 was published for github.com/openfga/openfga (Go) Oct 25, 2022
OpenFGA Authorization Bypass Moderate
CVE-2022-39342 was published for github.com/openfga/openfga (Go) Oct 25, 2022
OpenFGA Authorization Bypass via tupleset wildcard Moderate
CVE-2022-39341 was published for github.com/openfga/openfga (Go) Oct 25, 2022
A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact... Critical Unreviewed
CVE-2022-27583 was published Nov 1, 2022
Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows... Low Unreviewed
CVE-2022-39879 was published Nov 10, 2022
Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1... High Unreviewed
CVE-2022-39883 was published Nov 10, 2022
A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this... High Unreviewed
CVE-2022-4281 was published Dec 5, 2022
Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed High
CVE-2022-4147 was published for io.quarkus:quarkus-vertx-http (Maven) Dec 6, 2022
Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker... High Unreviewed
CVE-2022-39902 was published Dec 8, 2022
An issue was discovered in the fp_newsletter (aka Newsletter subscriber management) extension... High Unreviewed
CVE-2022-47409 was published Dec 14, 2022
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting... High Unreviewed
CVE-2022-2536 was published Dec 15, 2022
A vulnerability, which was classified as problematic, has been found in Click Studios... Moderate Unreviewed
CVE-2022-3876 was published Dec 19, 2022
A vulnerability was found in Click Studios Passwordstate and Passwordstate Browser Extension... Moderate Unreviewed
CVE-2022-4613 was published Dec 19, 2022
OpenFGA Authorization Bypass High
CVE-2022-23542 was published for github.com/openfga/openfga (Go) Dec 20, 2022
The application management module has a vulnerability in permission verification. Successful... High Unreviewed
CVE-2022-46312 was published Dec 20, 2022
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP... Moderate Unreviewed
CVE-2022-3187 was published Dec 22, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database