GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
415 advisories
A denial of service vulnerability exists in the ucloud_del_node functionality of TCL LinkHub Mesh...
Critical
Unreviewed
CVE-2022-26346
was published
Aug 6, 2022
A vulnerability, which was classified as critical, has been found in SourceCodester Garage...
Critical
Unreviewed
CVE-2022-2578
was published
Jul 30, 2022
An attacker with weak credentials could access the TCP port via an open FTP port, allowing an...
Critical
Unreviewed
CVE-2022-2103
was published
Jun 25, 2022
The remote administration UI in D-Link DIR-815 devices with firmware before 2.07.B01 allows...
Critical
Unreviewed
CVE-2015-0150
was published
May 24, 2022
The server permits communication without any authentication procedure, allowing the attacker to...
Critical
Unreviewed
CVE-2021-38457
was published
May 24, 2022
A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2...
Critical
Unreviewed
CVE-2021-38454
was published
May 24, 2022
There is a flaw in the code used to configure the internal gateway firewall when the gateway's...
Critical
Unreviewed
CVE-2020-12030
was published
May 24, 2022
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an...
Critical
Unreviewed
CVE-2021-22941
was published
May 24, 2022
An improper access control vulnerability has been reported to affect certain legacy versions of...
Critical
Unreviewed
CVE-2021-28809
was published
May 24, 2022
This vulnerability allows remote attackers to escalate privileges on affected...
Critical
Unreviewed
CVE-2021-27258
was published
May 24, 2022
An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress...
Critical
Unreviewed
CVE-2021-24215
was published
May 24, 2022
The vulnerability has been reported to affect earlier versions of QTS. If exploited, this...
Critical
Unreviewed
CVE-2020-2506
was published
May 24, 2022
A CWE-284: Improper Access Control vulnerability exists in Easergy T300 (with firmware 2.7 and...
Critical
Unreviewed
CVE-2020-7561
was published
May 24, 2022
A flaw was found in the nova_libvirt container provided by the Red Hat OpenStack Platform 16,...
Critical
Unreviewed
CVE-2020-10731
was published
May 24, 2022
Maltego incorrectly shares a MISP connection across users in a remote-transform use case
Critical
CVE-2020-12889
was published
for
MISP-maltego
(pip)
May 24, 2022
Computing For Good's Basic Laboratory Information System (also known as C4G BLIS) version 3.5 and...
Critical
Unreviewed
CVE-2019-5644
was published
May 24, 2022
The web application portal of the Cobham EXPLORER 710, firmware version 1.07, allows...
Critical
Unreviewed
CVE-2019-9531
was published
May 24, 2022
The woo-confirmation-email plugin before 3.2.0 for WordPress has no blocking of direct access to...
Critical
Unreviewed
CVE-2018-21007
was published
May 24, 2022
The invite-anyone plugin before 1.3.16 for WordPress has incorrect access control for email-based...
Critical
Unreviewed
CVE-2017-18543
was published
May 24, 2022
eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to...
Critical
Unreviewed
CVE-2019-9884
was published
May 24, 2022
Wikimedia MediaWiki Incorrect Access Control vulnerability
Critical
CVE-2019-12468
was published
for
mediawiki/core
(Composer)
May 24, 2022
Incorrect access control in the database manager component in Odoo Community 10.0 and 11.0 and...
Critical
Unreviewed
CVE-2018-14885
was published
May 24, 2022
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent:...
Critical
Unreviewed
CVE-2019-2729
was published
May 24, 2022
An Insufficient Access Control vulnerability (leading to credential disclosure) in...
Critical
Unreviewed
CVE-2018-17148
was published
May 24, 2022
Symfony Incorrect Access Control
Critical
CVE-2017-11365
was published
for
symfony/security
(Composer)
May 24, 2022