Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

1,337 advisories

Loading
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed... Moderate Unreviewed
CVE-2021-22865 was published May 24, 2022
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.1... Moderate Unreviewed
CVE-2020-27901 was published May 24, 2022
KIS for macOS in some use cases was vulnerable to AV bypass that potentially allowed an attacker... Moderate Unreviewed
CVE-2021-26718 was published May 24, 2022
The /rest/api/1.0/render resource in Jira Server and Data Center before version 8.5.13, from... Moderate Unreviewed
CVE-2020-36238 was published May 24, 2022
GistPad before 0.2.7 allows a crafted workspace folder to change the URL for the Gist API, which... Moderate Unreviewed
CVE-2021-29642 was published May 24, 2022
IBM UrbanCode Deploy (UCD) 6.2.7.9, 7.0.5.4, and 7.1.1.1 could allow an authenticated user to... Moderate Unreviewed
CVE-2020-4848 was published May 24, 2022
HashiCorp Terraform Enterprise up to v202102-2 failed to enforce an organization-level setting... Moderate Unreviewed
CVE-2021-3153 was published May 24, 2022
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes... Moderate Unreviewed
CVE-2021-25369 was published May 24, 2022
An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access... Moderate Unreviewed
CVE-2021-22180 was published May 24, 2022
Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data... Moderate Unreviewed
CVE-2021-22172 was published May 24, 2022
In FreeBSD 12.2-STABLE before r369346, 11.4-STABLE before r369345, 12.2-RELEASE before p4 and 11... Moderate Unreviewed
CVE-2020-25580 was published May 24, 2022
An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify... Moderate Unreviewed
CVE-2021-22186 was published May 24, 2022
An issue has been discovered in GitLab affecting all versions starting with 3.0.1. Improper... Moderate Unreviewed
CVE-2021-22176 was published May 24, 2022
The team sync HTTP API in Grafana Enterprise 7.4.x before 7.4.5 has an Incorrect Access Control... Moderate Unreviewed
CVE-2021-28146 was published May 24, 2022
In OpenEMR, versions v2.7.2-rc1 to 6.0.0 are vulnerable to Improper Access Control when creating... Moderate Unreviewed
CVE-2021-25920 was published May 24, 2022
Incorrect permission checks in Jenkins Role-based Authorization Strategy Plugin may allow accessing some items Moderate
CVE-2021-21624 was published for org.jenkins-ci.plugins:role-strategy (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
Incorrect permission checks in Jenkins Matrix Authorization Strategy Plugin may allow accessing some items Moderate
CVE-2021-21623 was published for org.jenkins-ci.plugins:matrix-auth (Maven) May 24, 2022
NotMyFault
Credited to NotMyFault
M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to... Moderate Unreviewed
CVE-2021-20676 was published May 24, 2022
Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows... Moderate Unreviewed
CVE-2021-20633 was published May 24, 2022
Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows... Moderate Unreviewed
CVE-2021-20626 was published May 24, 2022
Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an... Moderate Unreviewed
CVE-2021-20624 was published May 24, 2022
Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows... Moderate Unreviewed
CVE-2021-20625 was published May 24, 2022
Moodle Bypass email verification secret when confirming account registration Moderate
CVE-2021-20282 was published for moodle/moodle (Composer) May 24, 2022
Missing permission check in Moodle Moderate
CVE-2021-20283 was published for moodle/moodle (Composer) May 24, 2022
Insufficient policy enforcement in QR scanning in Google Chrome on iOS prior to 89.0.4389.72... Moderate Unreviewed
CVE-2021-21186 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database