Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

257 advisories

Loading
In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of... Moderate Unreviewed
CVE-2022-24694 was published Feb 10, 2022
Missing authorization in xwiki-platform Moderate
CVE-2022-23621 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Feb 9, 2022
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can... Moderate Unreviewed
CVE-2022-23316 was published Feb 9, 2022
In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download... Moderate Unreviewed
CVE-2021-44983 was published Feb 9, 2022
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when... Moderate Unreviewed
CVE-2021-25004 was published Feb 8, 2022
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and... Moderate Unreviewed
CVE-2021-24947 was published Feb 8, 2022
An information disclosure vulnerability exists due to a web server misconfiguration in the... High Unreviewed
CVE-2022-21236 was published Jan 29, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary... High Unreviewed
CVE-2022-0244 was published Jan 19, 2022
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1... Low Unreviewed
CVE-2022-22267 was published Jan 11, 2022
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically... Moderate Unreviewed
CVE-2022-22268 was published Jan 11, 2022
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1... Low Unreviewed
CVE-2022-22269 was published Jan 11, 2022
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows... Moderate Unreviewed
CVE-2022-22270 was published Jan 11, 2022
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which... High Unreviewed
CVE-2021-44315 was published Dec 17, 2021
Files Accessible to External Parties in Opencast Critical
CVE-2021-43821 was published for org.opencastproject:opencast-ingest-service-impl (Maven) Dec 14, 2021
gregorydlogan
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote... Moderate Unreviewed
CVE-2021-31850 was published Dec 9, 2021
Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows... Low Unreviewed
CVE-2021-25521 was published Dec 9, 2021
Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the... Moderate Unreviewed
CVE-2021-43772 was published Dec 4, 2021
Files or Directories Accessible to External Parties in kubernetes High
CVE-2021-25741 was published for k8s.io/kubernetes (Go) Nov 1, 2021
Files or Directories Accessible to External Parties in ether/logs High
CVE-2021-32752 was published for ether/logs (Composer) Jul 12, 2021
Insecure path handling in Bundler High
CVE-2019-3881 was published for bundler (RubyGems) May 10, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket High
CVE-2020-11976 was published for org.apache.wicket:wicket-core (Maven) May 7, 2021
jacobovazquez
Unauthorized access through URL manipulation High
GHSA-qrmm-w4v4-q7f8 was published for docassemble (pip) May 6, 2021
jimmio
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin Moderate
CVE-2021-21429 was published for org.openapitools:openapi-generator-maven-plugin (Maven) Apr 29, 2021
JLLeitschuh
Exposure of .env if project root is configured as web root in shopware/production Moderate
GHSA-3pcr-4982-548m was published for shopware/production (Composer) Apr 13, 2021
Unrestricted File Upload in Form Framework High
CVE-2021-21355 was published for typo3/cms (Composer) Mar 23, 2021
smichaelsen ohader
marclindemann vertexvaar sushiwushi waldhacker1
ProTip! Advisories are also available from the GraphQL API