GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,337 advisories
In JetBrains TeamCity before 2020.2.1, permissions during token removal were checked improperly.
Moderate | Unreviewed | CVE-2021-25777 was published May 24, 2022

In JetBrains TeamCity before 2020.2.1, a user could get access to the GitHub access token of...
Moderate | Unreviewed | CVE-2021-25774 was published May 24, 2022

Archer before 6.9 P1 (6.9.0.1) contains an improper access control vulnerability in an API. A...
Moderate | Unreviewed | CVE-2020-29538 was published May 24, 2022

MantisBT Incorrect Authorization in bug_actiongroup_page.php
Moderate | CVE-2020-29605 was published for mantisbt/mantisbt (Composer) May 24, 2022

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6...
Moderate | Unreviewed | CVE-2020-28404 was published May 24, 2022

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6...
Moderate | Unreviewed | CVE-2020-28406 was published May 24, 2022

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6...
Moderate | Unreviewed | CVE-2020-28401 was published May 24, 2022

Multiple vulnerabilities in the web-based management interface of Cisco SD-WAN vManage Software...
Moderate | Unreviewed | CVE-2021-1305 was published May 24, 2022

Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network...
Moderate | Unreviewed | CVE-2021-1270 was published May 24, 2022

Clustered Data ONTAP versions prior to 9.3P20 and 9.5 are susceptible to a vulnerability which...
Moderate | Unreviewed | CVE-2020-8581 was published May 24, 2022

Missing permission check for paths with specific prefix in Jenkins
Moderate | CVE-2021-21609 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022

A vulnerability in Cisco Connected Mobile Experiences (CMX) API authorizations could allow an...
Moderate | Unreviewed | CVE-2021-1143 was published May 24, 2022

Windows Bluetooth Security Feature Bypass Vulnerability This CVE ID is unique from CVE-2021-1683,...
Moderate | Unreviewed | CVE-2021-1638 was published May 24, 2022

NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode...
Moderate | Unreviewed | CVE-2021-1055 was published May 24, 2022

NVIDIA GPU Display Driver for Windows, all versions, contains a vulnerability in the kernel mode...
Moderate | Unreviewed | CVE-2021-1054 was published May 24, 2022

The Ninja Forms plugin before 3.4.28 for WordPress lacks escaping for submissions-table fields.
Moderate | Unreviewed | CVE-2020-36173 was published May 24, 2022

The Ninja Forms plugin before 3.4.27.1 for WordPress allows attackers to bypass validation via...
Moderate | Unreviewed | CVE-2020-36175 was published May 24, 2022

An issue was discovered in Zammad before 3.5.1. An Agent with Customer permissions in a Group can...
Moderate | Unreviewed | CVE-2020-29158 was published May 24, 2022

WooCommerce Incorrect Authorization
Moderate | CVE-2020-29156 was published for woocommerce/woocommerce (Composer) May 24, 2022

An issue was discovered in Zammad before 3.4.1. Admin Users without a ticket.* permission can...
Moderate | Unreviewed | CVE-2020-26028 was published May 24, 2022

An issue was discovered in Zammad before 3.4.1. There are wrong authorization checks for...
Moderate | Unreviewed | CVE-2020-26029 was published May 24, 2022

IBM Automation Workstream Services 19.0.3, 20.0.1, 20.0.2, IBM Business Automation Workflow 18.0,...
Moderate | Unreviewed | CVE-2020-4794 was published May 24, 2022

The AWV component of Mitel MiCollab before 9.2 could allow an attacker to gain access to a web...
Moderate | Unreviewed | CVE-2020-25610 was published May 24, 2022

The NuPoint Messenger of Mitel MiCollab before 9.2 could allow an attacker with escalated...
Moderate | Unreviewed | CVE-2020-25612 was published May 24, 2022

In sendLinkConfigurationChangedBroadcast of ClientModeImpl.java, there is a possible information...
Moderate | Unreviewed | CVE-2020-0477 was published May 24, 2022