GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,324
Erlang: 31
GitHub Actions: 21
Go: 2,087
Maven: 5,000+
npm: 3,751
NuGet: 674
pip: 3,437
Pub: 12
RubyGems: 892
Rust: 881
Swift: 37
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
230 advisories
Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability.
Critical · Unreviewed · CVE-2022-37968 was published Oct 12, 2022
An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9...
Critical · Unreviewed · CVE-2022-36536 was published Sep 17, 2022
Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6...
Critical · Unreviewed · CVE-2022-36793 was published Sep 10, 2022
Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at...
Critical · Unreviewed · CVE-2022-34858 was published Aug 23, 2022
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all...
Critical · Unreviewed · CVE-2022-35243 was published Aug 5, 2022
The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the...
Critical · Unreviewed · CVE-2022-2317 was published Aug 2, 2022
The www-data (Apache web server) account is configured to run sudo with no password for many...
Critical · Unreviewed · CVE-2022-2104 was published Jun 25, 2022
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root...
Critical · Unreviewed · CVE-2022-32535 was published Jun 24, 2022
Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4.
Critical · Unreviewed · CVE-2022-2023 was published Jun 21, 2022
A vulnerability, which was classified as critical, was found in AXIS P1204, P3225, P3367, M3045,...
Critical · Unreviewed · CVE-2017-20049 was published Jun 16, 2022
OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect access control, resulting in...
Critical · Unreviewed · CVE-2022-32272 was published Jun 10, 2022
A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been classified as critical. This...
Critical · Unreviewed · CVE-2017-20028 was published Jun 10, 2022
A vulnerability classified as critical has been found in Demokratian. This affects an unknown...
Critical · Unreviewed · CVE-2020-36542 was published Jun 8, 2022
Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration"...
Critical · Unreviewed · CVE-2021-21502 was published May 24, 2022
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.
Critical · Unreviewed · CVE-2021-30132 was published May 24, 2022
Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22...
Critical · Unreviewed · CVE-2021-25508 was published May 24, 2022
An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel...
Critical · Unreviewed · CVE-2020-5955 was published May 24, 2022
There is a vulnerability of tampering with the kernel in Huawei Smartphone. Successful...
Critical · Unreviewed · CVE-2021-36986 was published May 24, 2022
Under certain configurations an unauthenticated remote user could be given access to credentials...
Critical · Unreviewed · CVE-2021-27664 was published May 24, 2022
VITEC Exterity IPTV products through 2021-04-30 allow privilege escalation to root.
Critical · Unreviewed · CVE-2021-42109 was published May 24, 2022
Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0...
Critical · Unreviewed · CVE-2021-36879 was published May 24, 2022
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to...
Critical · Unreviewed · CVE-2021-20034 was published May 24, 2022
Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an...
Critical · Unreviewed · CVE-2021-22941 was published May 24, 2022
ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover.
Critical · Unreviewed · CVE-2021-37424 was published May 24, 2022
Improper access control vulnerability in RevoWorks Browser 2.1.230 and earlier allows an attacker...
Critical · Unreviewed · CVE-2021-20791 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.