Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,299
Erlang
31
GitHub Actions
21
Go
2,064
Maven
5,000+
npm
3,744
NuGet
668
pip
3,424
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

795 advisories

Loading
Improper Privilege Management in Snipe-IT High
CVE-2022-0611 was published for snipe/snipe-it (Composer) Feb 17, 2022
Missing permission check in Jenkins SCP publisher Plugin High
CVE-2022-25199 was published for org.jenkins-ci.plugins:scp (Maven) Feb 16, 2022
NotMyFault
Missing Authorization in Jenkins dbCharts Plugin High
CVE-2022-25206 was published for org.jenkins-ci.plugins:dbCharts (Maven) Feb 16, 2022
NotMyFault
Missing permission checks in Jenkins Chef Sinatra Plugin allow XXE High
CVE-2022-25208 was published for org.jenkins-ci.plugins:sinatra-chef-builder (Maven) Feb 16, 2022
NotMyFault
Reject unauthorized access with GitHub PATs High
CVE-2021-21432 was published for github.com/go-vela/server (Go) Feb 15, 2022
JordanSussman
An access control issue in hprms/admin/?page=user/list of Hospital Patient Record Management... High Unreviewed
CVE-2022-22854 was published Feb 15, 2022
In system service, there is a possible permission bypass due to a missing permission check. This... High Unreviewed
CVE-2022-20024 was published Feb 11, 2022
In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This... High Unreviewed
CVE-2022-20043 was published Feb 11, 2022
In Bluetooth, there is a possible escalation of privilege due to a missing permission check. This... High Unreviewed
CVE-2022-20041 was published Feb 11, 2022
A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when... High Unreviewed
CVE-2022-24317 was published Feb 11, 2022
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and... High Unreviewed
CVE-2021-25095 was published Feb 8, 2022
The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting... High Unreviewed
CVE-2021-25093 was published Feb 2, 2022
Missing authentication in ShenYu High
CVE-2022-23945 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
tdunlap607
Single Connect does not perform an authorization check when using the sc-reports-ui" module. A... High Unreviewed
CVE-2021-44793 was published Jan 28, 2022
Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui"... High Unreviewed
CVE-2021-44795 was published Jan 28, 2022
The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib... High Unreviewed
CVE-2021-24906 was published Jan 25, 2022
The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to... High Unreviewed
CVE-2022-0236 was published Jan 19, 2022
Missing Authorization in DayByDay CRM High
CVE-2022-22111 was published for bottelet/flarepoint (Composer) Jan 8, 2022
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated... High Unreviewed
CVE-2021-24831 was published Jan 4, 2022
Yappli is an application development platform which provides the function to access a requested... High Unreviewed
CVE-2021-20873 was published Dec 29, 2021
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle... High Unreviewed
CVE-2021-37572 was published Dec 27, 2021
TCMAN GIM does not perform an authorization check when trying to access determined resources. A... High Unreviewed
CVE-2021-40853 was published Dec 18, 2021
In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass... High Unreviewed
CVE-2021-0922 was published Dec 16, 2021
In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to... High Unreviewed
CVE-2021-0923 was published Dec 16, 2021
In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user... High Unreviewed
CVE-2021-0926 was published Dec 16, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database