GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 5,000+
Erlang: 39
GitHub Actions: 38
Go: 2,636
Maven: 5,000+
npm: 4,262
NuGet: 760
pip: 4,057
Pub: 12
RubyGems: 956
Rust: 1,054
Swift: 45

Unreviewed advisories
All unreviewed: 5,000+
1,388 advisories
Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows...
Low | Unreviewed | CVE-2022-33689 was published Jul 13, 2022

Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper.
High | Unreviewed | CVE-2022-30929 was published Jul 7, 2022

Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a...
Moderate | Unreviewed | CVE-2022-26051 was published Jul 5, 2022

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a...
Moderate | Unreviewed | CVE-2022-26054 was published Jul 5, 2022

Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote...
Moderate | Unreviewed | CVE-2022-27807 was published Jul 5, 2022

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu...
Moderate | Unreviewed | CVE-2022-26368 was published Jul 5, 2022

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a...
Moderate | Unreviewed | CVE-2022-28692 was published Jul 5, 2022

Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14...
Moderate | Unreviewed | CVE-2022-2227 was published Jul 2, 2022

A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to...
Critical | Unreviewed | CVE-2022-2185 was published Jul 2, 2022

It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log...
Moderate | Unreviewed | CVE-2014-0068 was published Jul 1, 2022

PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry...
Moderate | Unreviewed | CVE-2022-23725 was published Jul 1, 2022

In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is...
Moderate | Unreviewed | CVE-2022-29271 was published Jun 30, 2022

A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an...
Critical | Unreviewed | CVE-2021-39409 was published Jun 25, 2022

Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of...
Moderate | Unreviewed | CVE-2022-34012 was published Jun 24, 2022

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640...
Moderate | Unreviewed | CVE-2022-1596 was published Jun 22, 2022

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing,...
High | Unreviewed | CVE-2022-34006 was published Jun 20, 2022

In universal forwarder versions before 9.0, management services are available remotely by default...
High | Unreviewed | CVE-2022-32155 was published Jun 16, 2022

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local,...
High | Unreviewed | CVE-2022-28226 was published Jun 16, 2022

A vulnerability has been identified in Xpedition Designer (All versions < VX.2.11). The affected...
High | Unreviewed | CVE-2022-31465 was published Jun 15, 2022

In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have...
Moderate | Unreviewed | CVE-2021-40649 was published Jun 15, 2022

The Log WP_Mail WordPress plugin through 0.1 saves sent email in a publicly accessible directory...
High | Unreviewed | CVE-2022-1412 was published Jun 14, 2022

Within the Service Desk module of the ITarian platform (SAAS and on-premise), a remote attacker...
High | Unreviewed | CVE-2022-25151 was published Jun 10, 2022

In telephony, there is a possible information disclosure due to a missing permission check. This...
Moderate | Unreviewed | CVE-2022-21749 was published Jun 7, 2022

In telephony, there is a possible information disclosure due to a missing permission check. This...
Moderate | Unreviewed | CVE-2022-21748 was published Jun 7, 2022

An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a...
High | Unreviewed | CVE-2022-30700 was published May 28, 2022
ProTip! Advisories are also available from the GraphQL API