GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,224
Erlang: 31
GitHub Actions: 19
Go: 1,990
Maven: 5,000+
npm: 3,706
NuGet: 661
pip: 3,336
Pub: 11
RubyGems: 884
Rust: 845
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
220 advisories

Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates...
Critical | Unreviewed | CVE-2022-24609 was published Mar 11, 2022

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14...
Critical | Unreviewed | CVE-2022-0735 was published Mar 29, 2022

EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.
Critical | Unreviewed | CVE-2022-26279 was published Mar 26, 2022

An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen...
Critical | Unreviewed | CVE-2022-26629 was published Mar 25, 2022

IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the...
Critical | Unreviewed | CVE-2021-39052 was published Dec 14, 2021

An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin...
Critical | Unreviewed | CVE-2021-43703 was published Dec 10, 2021

aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use...
Critical | Unreviewed | CVE-2022-26676 was published Apr 8, 2022

An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to...
Critical | Unreviewed | CVE-2022-27128 was published Apr 11, 2022

An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow...
Critical | Unreviewed | CVE-2021-46419 was published Apr 8, 2022

There is an arbitrary address access vulnerability with the product line test code. Successful...
Critical | Unreviewed | CVE-2021-39994 was published Feb 11, 2022

IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control...
Critical | Unreviewed | CVE-2021-39070 was published Feb 3, 2022

Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow...
Critical | Unreviewed | CVE-2010-1435 was published Apr 21, 2022

Depending on the configuration of the route permission table in file 'saprouttab', it is possible...
Critical | Unreviewed | CVE-2022-27668 was published Jun 15, 2022

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC)...
Critical | Unreviewed | CVE-2021-1577 was published May 24, 2022

An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip...
Critical | Unreviewed | CVE-2021-28506 was published Jan 15, 2022

WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.
Critical | Unreviewed | CVE-2021-3332 was published May 24, 2022

An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote...
Critical | Unreviewed | CVE-2021-3044 was published May 24, 2022

Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A...
Critical | Unreviewed | CVE-2021-35336 was published May 24, 2022

TrueStack Direct Connect 1.4.7 has Incorrect Access Control.
Critical | Unreviewed | CVE-2022-23775 was published May 26, 2022

A ZTE product is impacted by improper access control vulnerability. The attacker could exploit...
Critical | Unreviewed | CVE-2021-21730 was published May 24, 2022

There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product....
Critical | Unreviewed | CVE-2021-33346 was published May 24, 2022

Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an...
Critical | Unreviewed | CVE-2022-25237 was published Jun 3, 2022

The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code...
Critical | Unreviewed | CVE-2021-30503 was published May 24, 2022

A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to...
Critical | Unreviewed | CVE-2020-19301 was published May 24, 2022

CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
Critical | Unreviewed | CVE-2021-30192 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.