GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,386
Erlang: 33
GitHub Actions: 22
Go: 2,141
Maven: 5,000+
npm: 3,803
NuGet: 687
pip: 3,480
Pub: 12
RubyGems: 897
Rust: 898
Swift: 38
Unreviewed advisories
All unreviewed: 5,000+
868 advisories
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks...
High | Unreviewed | CVE-2022-0952 was published | May 3, 2022

The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly...
High | Unreviewed | CVE-2009-3781 was published | May 2, 2022

The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5...
High | Unreviewed | CVE-2006-4483 was published | May 1, 2022

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of...
High | Unreviewed | CVE-2022-1329 was published | Apr 20, 2022

Insecure plugin handling in Mattermost
High | CVE-2022-1384 was published for github.com/mattermost/mattermost-server/v6 (Go) | Apr 20, 2022

A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP...
High | Unreviewed | CVE-2022-27480 was published | Apr 13, 2022

An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver...
High | Unreviewed | CVE-2022-27669 was published | Apr 13, 2022

An intent redirection issue was discovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk...
High | Unreviewed | CVE-2020-23349 was published | Apr 6, 2022

In WindowManager, there is a possible way to start a foreground activity from the background due...
High | Unreviewed | CVE-2021-39758 was published | Mar 31, 2022

In Settings, there is a possible way to add an auto-connect WiFi network without the user's...
High | Unreviewed | CVE-2021-39768 was published | Mar 31, 2022

Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access...
High | Unreviewed | CVE-2022-27658 was published | Mar 29, 2022

It was found that 3scale's APIdocs does not validate the access token, in the case of invalid...
High | Unreviewed | CVE-2021-3814 was published | Mar 26, 2022

idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the...
High | Unreviewed | CVE-2022-27333 was published | Mar 23, 2022

The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper...
High | Unreviewed | CVE-2022-0229 was published | Mar 22, 2022

CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials
High | CVE-2022-27211 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) | Mar 16, 2022

Gogs vulnerable to improper PAM authorization handling
High | CVE-2022-0871 was published for gogs.io/gogs (Go) | Mar 14, 2022

Duplicate Advisory: Improper Authorization in Gogs
High | GHSA-65f3-3278-7m65 was published for gogs.io/gogs (Go) | Mar 12, 2022 • withdrawn

Gitea Missing Authorization vulnerability
High | CVE-2022-0905 was published for code.gitea.io/gitea (Go) | Mar 11, 2022

The Download Manager WordPress plugin before 3.2.35 does not have any authorisation checks in...
High | Unreviewed | CVE-2021-25087 was published | Mar 8, 2022

DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an...
High | Unreviewed | CVE-2021-46378 was published | Mar 5, 2022

KDE KCron through 21.12.2 uses a temporary file in /tmp when saving, but reuses the filename...
High | Unreviewed | CVE-2022-24986 was published | Feb 27, 2022

A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support...
High | Unreviewed | CVE-2020-25718 was published | Feb 19, 2022

Improper Privilege Management in Snipe-IT
High | CVE-2022-0611 was published for snipe/snipe-it (Composer) | Feb 17, 2022

Missing permission check in Jenkins SCP publisher Plugin
High | CVE-2022-25199 was published for org.jenkins-ci.plugins:scp (Maven) | Feb 16, 2022

Missing Authorization in Jenkins dbCharts Plugin
High | CVE-2022-25206 was published for org.jenkins-ci.plugins:dbCharts (Maven) | Feb 16, 2022