GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
240 advisories
ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability...
Critical, Unreviewed. CVE-2021-20136 was published on May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical. CVE-2021-21691 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical. CVE-2021-21693 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical. CVE-2021-21692 was published for org.jenkins-ci.main:jenkins-core (Maven) on May 24, 2022
OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is...
Critical, Unreviewed. CVE-2021-35368 was published on May 24, 2022
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth,...
Critical, Unreviewed. CVE-2021-42837 was published on May 24, 2022
Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file...
Critical, Unreviewed. CVE-2021-42002 was published on May 24, 2022
TrueStack Direct Connect 1.4.7 has Incorrect Access Control.
Critical, Unreviewed. CVE-2022-23775 was published on May 26, 2022
An access control issue in Linglong v1.0 allows attackers to access the background of the...
Critical, Unreviewed. CVE-2022-29633 was published on May 27, 2022
Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an...
Critical, Unreviewed. CVE-2022-25237 was published on Jun 3, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x...
Critical, Unreviewed. CVE-2022-30310 was published on Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x...
Critical, Unreviewed. CVE-2022-30311 was published on Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web...
Critical, Unreviewed. CVE-2022-30309 was published on Jun 14, 2022
In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web...
Critical, Unreviewed. CVE-2022-30308 was published on Jun 14, 2022
Depending on the configuration of the route permission table in file 'saprouttab', it is possible...
Critical, Unreviewed. CVE-2022-27668 was published on Jun 15, 2022
Improper Authorization in Apache Shiro
Critical. CVE-2022-32532 was published for org.apache.shiro:shiro-core (Maven) on Jun 30, 2022
On Ampere Altra and AltraMax devices before SRP 1.09, the Altra reference design of UEFI...
Critical, Unreviewed. CVE-2022-32295 was published on Jul 2, 2022
Zimbra Collaboration Open Source 8.8.15 does not encrypt the initial-login randomly created...
Critical, Unreviewed. CVE-2022-32294 was published on Jul 12, 2022
An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17....
Critical, Unreviewed. CVE-2022-35890 was published on Jul 16, 2022
An issue was discovered in Poly EagleEye Director II before 2.2.2.1. Existence of a certain file ...
Critical, Unreviewed. CVE-2022-26479 was published on Jul 18, 2022
Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88...
Critical, Unreviewed. CVE-2022-1309 was published on Jul 26, 2022
HashiCorp Vault and Vault Enterprise through 2022-07-17 have Incorrect Access Control.
Critical, Unreviewed. CVE-2022-36129 was published on Jul 27, 2022
NextAuth.js before 4.10.3 and 3.29.10 sending verification requests (magic link) to unwanted emails
Critical. CVE-2022-35924 was published for next-auth (npm) on Aug 2, 2022
The SystemUI module has a privilege escalation vulnerability. Successful exploitation of this...
Critical, Unreviewed. CVE-2022-37002 was published on Aug 11, 2022
Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before...
Critical, Unreviewed. CVE-2022-25899 was published on Aug 19, 2022
ProTip! Advisories are also available from the GraphQL API.