GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
498 advisories
Filter by severity
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows...
Critical
Unreviewed
CVE-2022-0993
was published
Apr 20, 2022
go.etcd.io/etcd Authentication Bypass
High
CVE-2018-16886
was published
for
go.etcd.io/etcd
(Go)
Apr 12, 2022
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker...
High
Unreviewed
CVE-2022-28776
was published
Apr 12, 2022
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.
Moderate
Unreviewed
CVE-2022-0821
was published
Mar 12, 2022
Duplicate Advisory: Improper Authorization in Gogs
High
GHSA-65f3-3278-7m65
was published
for
gogs.io/gogs
(Go)
Mar 12, 2022
•
withdrawn
Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
Moderate
Unreviewed
CVE-2022-0756
was published
Mar 8, 2022
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
High
Unreviewed
CVE-2022-0829
was published
Mar 3, 2022
Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.
Moderate
Unreviewed
CVE-2022-0726
was published
Feb 24, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
Critical
Unreviewed
CVE-2022-21196
was published
Feb 19, 2022
Improper Authorization in librenms
High
CVE-2022-0587
was published
for
librenms/librenms
(Composer)
Feb 16, 2022
Access Restriction Bypass in Docker
Moderate
CVE-2014-6408
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Arbitrary Code Execution
High
CVE-2014-9357
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Information Exposure in Docker Engine
High
CVE-2015-3630
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Arbitrary File Override in Docker Engine
Moderate
CVE-2015-3631
was published
for
github.com/docker/docker
(Go)
Feb 15, 2022
Reject unauthorized access with GitHub PATs
High
CVE-2021-21432
was published
for
github.com/go-vela/server
(Go)
Feb 15, 2022
Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers...
Moderate
Unreviewed
CVE-2022-24002
was published
Feb 12, 2022
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by...
High
Unreviewed
CVE-2021-28500
was published
Jan 15, 2022
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to...
Low
Unreviewed
CVE-2022-22272
was published
Jan 11, 2022
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app...
High
Unreviewed
CVE-2022-22288
was published
Jan 11, 2022
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to...
High
Unreviewed
CVE-2021-24739
was published
Dec 22, 2021
Authorization bypass in Openshift
Critical
CVE-2016-1906
was published
for
github.com/openshift/origin
(Go)
Dec 20, 2021
Publify `guest` role users can self-register even when the admin does not allow it
Moderate
CVE-2021-25973
was published
for
publify_core
(RubyGems)
Nov 3, 2021
Deno's static imports inside dynamically imported modules do not adhere to permission checks
Critical
CVE-2021-32619
was published
for
deno
(Rust)
Sep 23, 2021
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client`
Low
GHSA-prqf-xr2j-xf65
was published
for
github.com/argoproj/argo-workflows/v3
(Go)
Aug 23, 2021
ProTip!
Advisories are also available from the
GraphQL API