Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,638
Maven
5,000+
npm
4,264
NuGet
760
pip
4,060
Pub
12
RubyGems
956
Rust
1,057
Swift
45
Unreviewed advisories
All unreviewed
5,000+

768 advisories

Loading
Malicious takeover of previously owned ENS names High
CVE-2020-5232 was published for @ensdomains/ens (npm) Jan 30, 2020
Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged... High Unreviewed
CVE-2022-2661 was published Aug 17, 2022
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure... High Unreviewed
CVE-2020-27779 was published May 24, 2022
Acrobat Reader DC versions 2020.012.20048 (and earlier), 2020.001.30005 (and earlier) and 2017... Moderate Unreviewed
CVE-2020-24431 was published May 24, 2022
Improper Authorization vulnerability of Pepperl+Fuchs P+F Comtrol RocketLinx ES7510-XT, ES8509-XT... Critical Unreviewed
CVE-2020-12500 was published May 24, 2022
Banking services from SAP 9.0 (Bank Analyzer), version - 500, and SAP S/4HANA for financial... Moderate Unreviewed
CVE-2020-6311 was published May 24, 2022
A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. This... Moderate Unreviewed
CVE-2015-10033 was published Jan 9, 2023
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in... High Unreviewed
CVE-2022-4701 was published Jan 10, 2023
XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference High
CVE-2022-31167 was published for org.xwiki.platform:xwiki-platform-security (Maven) Sep 20, 2022
OpenFGA Authorization Bypass High
CVE-2022-23542 was published for github.com/openfga/openfga (Go) Dec 20, 2022
The permission control of AIFU cashier management salary query function can be bypassed, thus... Moderate Unreviewed
CVE-2021-42337 was published May 24, 2022
4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated... Critical Unreviewed
CVE-2021-42338 was published May 24, 2022
Dataprobe iBoot-PDU FW versions prior to 1.42.06162022 contain a vulnerability where certain PHP... Moderate Unreviewed
CVE-2022-3187 was published Dec 22, 2022
A vulnerability, which was classified as problematic, has been found in Click Studios... Moderate Unreviewed
CVE-2022-3876 was published Dec 19, 2022
Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed High
CVE-2022-4147 was published for io.quarkus:quarkus-vertx-http (Maven) Dec 6, 2022
An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to... High Unreviewed
CVE-2017-8409 was published May 24, 2022
A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical... High Unreviewed
CVE-2022-4879 was published Jan 6, 2023
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level... High Unreviewed
CVE-2021-43939 was published Apr 29, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP... High Unreviewed
CVE-2021-24188 was published May 24, 2022
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting... High Unreviewed
CVE-2022-2536 was published Dec 15, 2022
Huawei XH620 V3, XH622 V3, and XH628 V3 servers with software before V100R003C00SPC610, RH1288 V3... Critical Unreviewed
CVE-2016-6825 was published May 17, 2022
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon... High Unreviewed
CVE-2016-4531 was published May 17, 2022
The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers... High Unreviewed
CVE-2016-7143 was published May 17, 2022
EMC ViPR SRM before 3.7.2 does not restrict the number of password-authentication attempts, which... Critical Unreviewed
CVE-2016-0922 was published May 17, 2022
Dynamic modification of RPyC service due to missing security check High
CVE-2019-16328 was published for rpyc (pip) Feb 17, 2021
comrumino
Credited to comrumino
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database