GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
140 advisories
Filter by severity
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to...
High
Unreviewed
CVE-2021-24739
was published
Dec 22, 2021
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app...
High
Unreviewed
CVE-2022-22288
was published
Jan 11, 2022
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by...
High
Unreviewed
CVE-2021-28500
was published
Jan 15, 2022
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
High
Unreviewed
CVE-2022-0829
was published
Mar 3, 2022
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker...
High
Unreviewed
CVE-2022-28776
was published
Apr 12, 2022
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level...
High
Unreviewed
CVE-2021-43939
was published
Apr 29, 2022
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and...
High
Unreviewed
CVE-2016-1000219
was published
May 13, 2022
A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA)...
High
Unreviewed
CVE-2018-15465
was published
May 13, 2022
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions...
High
Unreviewed
CVE-2016-7071
was published
May 13, 2022
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its...
High
Unreviewed
CVE-2016-7035
was published
May 13, 2022
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS...
High
Unreviewed
CVE-2016-5420
was published
May 14, 2022
Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check...
High
Unreviewed
CVE-2016-3352
was published
May 14, 2022
The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass...
High
Unreviewed
CVE-2013-7245
was published
May 14, 2022
WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining...
High
Unreviewed
CVE-2016-4029
was published
May 17, 2022
Aruba Networks ClearPass Policy Manager before 6.4.7 and 6.5.x before 6.5.2 allows remote...
High
Unreviewed
CVE-2015-3656
was published
May 17, 2022
cgi-bin/cgi_system in NUUO NVRmini 2 1.7.5 through 2.x, NUUO NVRsolo 1.7.5 through 2.x, and...
High
Unreviewed
CVE-2016-5676
was published
May 17, 2022
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as...
High
Unreviewed
CVE-2016-1710
was published
May 17, 2022
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82,...
High
Unreviewed
CVE-2016-1711
was published
May 17, 2022
In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization...
High
Unreviewed
CVE-2014-9950
was published
May 17, 2022
In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization...
High
Unreviewed
CVE-2014-9945
was published
May 17, 2022
Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to...
High
Unreviewed
CVE-2016-8443
was published
May 17, 2022
A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers...
High
Unreviewed
CVE-2016-9217
was published
May 17, 2022
The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers...
High
Unreviewed
CVE-2016-7143
was published
May 17, 2022
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon...
High
Unreviewed
CVE-2016-4531
was published
May 17, 2022
A vulnerability in the Secure Shell (SSH) authentication process of Cisco Small Business Switches...
High
Unreviewed
CVE-2019-1859
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API