GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
868 advisories
Under some circumstances, masterdata maintenance in SAP BW/4HANA (fixed in DW4CORE version 1.0 ...
High, Unreviewed, CVE-2019-0243 was published May 13, 2022

Tarantella Enterprise before 3.11 allows bypassing Access Control.
High, Unreviewed, CVE-2018-19754 was published May 13, 2022

EasyLobby Solo is vulnerable to a denial of service. By visiting the kiosk and accessing the task...
High, Unreviewed, CVE-2018-17490 was published May 13, 2022

EasyLobby Solo could allow a local attacker to gain elevated privileges on the system. By...
High, Unreviewed, CVE-2018-17491 was published May 13, 2022

AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
High, Unreviewed, CVE-2018-10093 was published May 13, 2022

Dolibarr arbitrary commands execution
High, CVE-2018-10092 was published for dolibarr/dolibarr (Composer) May 13, 2022

In the ServiceManager::add function in the hardware service manager, there is an insecure...
High, Unreviewed, CVE-2017-13209 was published May 13, 2022

Missing permission checks in Jenkins Periodic Backup Plugin allow every user to change settings
High, CVE-2017-1000086 was published for org.jenkins-ci.plugins:periodicbackup (Maven) May 13, 2022

Jenkins Groovy Plugin sandbox bypass vulnerability
High, CVE-2019-1003006 was published for org.jenkins-ci.plugins:groovy (Maven) May 13, 2022

It was discovered that in the ovirt's REST API before version 4.3.2.1, RemoveDiskCommand is...
High, Unreviewed, CVE-2019-3879 was published May 13, 2022

The XML Data Archiving Service (XML DAS) in SAP NetWeaver AS Java does not check authorization,...
High, Unreviewed, CVE-2015-8840 was published May 13, 2022

Omission of the .desktop filetype from the Safe Browsing checklist in SafeBrowsing in Google...
High, Unreviewed, CVE-2019-5774 was published May 13, 2022

By default, the SAP NetWeaver AS Java keystore service does not sufficiently restrict the access...
High, Unreviewed, CVE-2018-2503 was published May 13, 2022

SAP Enterprise Financial Services (fixed in SAPSCORE 1.13, 1.14, 1.15; S4CORE 1.01, 1.02, 1.03;...
High, Unreviewed, CVE-2018-2484 was published May 13, 2022

Trend Micro ServerProtect for Linux 3.0 before CP 1531 allows local users to gain privileges by...
High, Unreviewed, CVE-2017-9036 was published May 13, 2022

Missing Authorization in Apache ZooKeeper
High, CVE-2018-8012 was published for org.apache.zookeeper:zookeeper (Maven) May 13, 2022

A Permissions, Privileges, and Access Control vulnerability exists in Schneider Electric's...
High, Unreviewed, CVE-2018-7792 was published May 13, 2022

rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus...
High, Unreviewed, CVE-2019-9924 was published May 13, 2022

SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary...
High, Unreviewed, CVE-2022-29611 was published May 12, 2022

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper...
High, Unreviewed, CVE-2022-1442 was published May 11, 2022

In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing...
High, Unreviewed, CVE-2021-39738 was published May 11, 2022

A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav...
High, Unreviewed, CVE-2022-28165 was published May 7, 2022

In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing...
High, Unreviewed, CVE-2022-20084 was published May 4, 2022

In telephony, there is a possible way to disable receiving SMS messages due to a missing...
High, Unreviewed, CVE-2022-20093 was published May 4, 2022

The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place...
High, Unreviewed, CVE-2021-25002 was published May 3, 2022