GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,014
Maven
5,000+
npm
3,721
NuGet
662
pip
3,393
Pub
11
RubyGems
890
Rust
852
Swift
36
Unreviewed advisories
All unreviewed
5,000+
181 advisories
Filter by severity
Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction
Critical
CVE-2019-10648
was published
for
net.sf.robocode:robocode.host
(Maven)
Apr 2, 2019
File system access via H2 in Apache Ignite
Critical
CVE-2020-1963
was published
for
org.apache.ignite:ignite-core
(Maven)
Jun 5, 2020
Unintended read access in kramdown gem
Critical
CVE-2020-14001
was published
for
kramdown
(RubyGems)
Aug 7, 2020
Kubernetes Privilege Escalation
Critical
CVE-2017-1000056
was published
for
k8s.io/kubernetes
(Go)
May 12, 2021
Missing Authorization in FastReport
Critical
CVE-2020-27998
was published
for
FastReport.OpenSource
(NuGet)
Aug 2, 2021
Exposure of sensitive information in Apache Ozone
Critical
CVE-2021-39231
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not...
Critical
Unreviewed
CVE-2021-24915
was published
Nov 30, 2021
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line...
Critical
Unreviewed
CVE-2021-45015
was published
Dec 15, 2021
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an...
Critical
Unreviewed
CVE-2021-27856
was published
Dec 16, 2021
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise...
Critical
Unreviewed
CVE-2021-36888
was published
Dec 16, 2021
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily...
Critical
Unreviewed
CVE-2020-20944
was published
Dec 28, 2021
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro...
Critical
Unreviewed
CVE-2021-25032
was published
Jan 11, 2022
Missing authentication in ShenYu
Critical
CVE-2022-23944
was published
for
org.apache.shenyu:shenyu-common
(Maven)
Jan 28, 2022
It was discovered, that redis, a persistent key-value database, due to a packaging issue, is...
Critical
Unreviewed
CVE-2022-0543
was published
Feb 19, 2022
There is an improper verification vulnerability in smartphones. Successful exploitation of this...
Critical
Unreviewed
CVE-2021-22448
was published
Feb 26, 2022
Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected...
Critical
Unreviewed
CVE-2022-24595
was published
Mar 19, 2022
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of...
Critical
Unreviewed
CVE-2021-45878
was published
Mar 22, 2022
Improper access control allows admin privilege escalation in Argo CD
Critical
CVE-2022-24768
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Hospital Management System v1.0 was discovered to lack an authorization component, allowing...
Critical
Unreviewed
CVE-2022-26546
was published
Apr 1, 2022
Keycloak vulnerable to privilege escalation on Token Exchange feature
Critical
CVE-2022-1245
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 26, 2022
Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various...
Critical
Unreviewed
CVE-2021-43938
was published
Apr 30, 2022
Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass
Critical
Unreviewed
CVE-2013-3960
was published
May 5, 2022
An missing authorization vulnerability has been reported to affect QNAP device running Video...
Critical
Unreviewed
CVE-2021-44055
was published
May 6, 2022
An exploitable unsafe default configuration vulnerability exists in the TURN server function of...
Critical
Unreviewed
CVE-2018-4059
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API