GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,016
Maven
5,000+
npm
3,721
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
3,000 advisories
Filter by severity
Unauthenticated Access Via OAI-PMH
High
CVE-2020-5228
was published
for
org.opencastproject:opencast-oaipmh-api
(Maven)
Jan 30, 2020
Moderate severity vulnerability that affects org.apache.ranger:ranger
Moderate
CVE-2017-7677
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.apache.hive:hive-jdbc
Moderate
CVE-2018-1314
was published
for
org.apache.hive:hive-jdbc
(Maven)
Nov 21, 2018
Key Caching behavior in the DynamoDB Encryption Client.
Low
GHSA-4ph2-8337-hm62
was published
for
dynamodb-encryption-sdk
(pip)
Feb 8, 2021
Bypass of fix for CVE-2020-15247, Twig sandbox escape
Low
CVE-2020-26231
was published
for
october/cms
(Composer)
Nov 23, 2020
Key Caching behavior in the DynamoDB Encryption Client.
Low
GHSA-w736-hf9p-qqh3
was published
for
com.amazonaws:aws-dynamodb-encryption-java
(Maven)
Feb 8, 2021
Generation of fake documents via public GET-call
Low
GHSA-jvg4-9rc2-wvcr
was published
for
shopware/platform
(Composer)
Feb 10, 2021
Flarum notifications can leak restricted content
Moderate
CVE-2023-22488
was published
for
flarum/core
(Composer)
Jan 10, 2023
The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing...
Moderate
Unreviewed
CVE-2023-0402
was published
Jan 19, 2023
Controller reconciles apps outside configured namespaces when sharding is enabled
High
CVE-2023-22736
was published
for
github.com/argoproj/argo-cd
(Go)
Jan 25, 2023
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials
Moderate
CVE-2022-25211
was published
for
org.continuousassurance.swamp.jenkins:swamp
(Maven)
Feb 16, 2022
The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in...
Moderate
Unreviewed
CVE-2021-24950
was published
Mar 15, 2022
The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF...
Moderate
Unreviewed
CVE-2021-24958
was published
Mar 15, 2022
An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious...
Moderate
Unreviewed
CVE-2021-45852
was published
Mar 17, 2022
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of...
Critical
Unreviewed
CVE-2021-45878
was published
Mar 22, 2022
idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the...
High
Unreviewed
CVE-2022-27333
was published
Mar 23, 2022
Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected...
Critical
Unreviewed
CVE-2022-24595
was published
Mar 19, 2022
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid...
High
Unreviewed
CVE-2021-3814
was published
Mar 26, 2022
Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access...
High
Unreviewed
CVE-2022-27658
was published
Mar 29, 2022
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line...
Critical
Unreviewed
CVE-2021-45015
was published
Dec 15, 2021
glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html...
Moderate
Unreviewed
CVE-2021-44937
was published
Dec 15, 2021
In WindowManager, there is a possible way to start a foreground activity from the background due...
High
Unreviewed
CVE-2021-39758
was published
Mar 31, 2022
In Settings, there is a possible way to add an auto-connect WiFi network without the user's...
High
Unreviewed
CVE-2021-39768
was published
Mar 31, 2022
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and...
Moderate
Unreviewed
CVE-2022-23183
was published
Apr 1, 2022
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an...
Critical
Unreviewed
CVE-2021-27856
was published
Dec 16, 2021
ProTip!
Advisories are also available from the
GraphQL API