GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
181 advisories
An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config...
Critical | Unreviewed | CVE-2019-9002 was published May 13, 2022
Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
Critical | Unreviewed | CVE-2022-44584 was published Nov 19, 2022
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node...
Critical | Unreviewed | CVE-2022-36642 was published Sep 3, 2022
Missing Authorization in FastReport
Critical | CVE-2020-27998 was published for FastReport.OpenSource (NuGet) Aug 2, 2021
FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the...
Critical | Unreviewed | CVE-2018-16591 was published May 13, 2022
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not...
Critical | Unreviewed | CVE-2021-24915 was published Nov 30, 2021
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical | CVE-2021-21687 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
LCDS Laquis SCADA prior to version 4.1.0.4150 allows taking in user input without proper...
Critical | Unreviewed | CVE-2018-18996 was published May 13, 2022
Unprivileged user can access all functions in the Surveillance Station component in QNAP TS212P...
Critical | Unreviewed | CVE-2017-12582 was published May 13, 2022
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro...
Critical | Unreviewed | CVE-2021-25032 was published Jan 11, 2022
A vulnerability in the role-based access control (RBAC) functionality of Cisco Prime Data Center...
Critical | Unreviewed | CVE-2017-6639 was published May 13, 2022
A vulnerability in the web interface for Cisco Prime Collaboration Provisioning could allow an...
Critical | Unreviewed | CVE-2017-6622 was published May 13, 2022
Juju before 1.25.12, 2.0.x before 2.0.4, and 2.1.x before 2.1.3 uses a UNIX domain socket without...
Critical | Unreviewed | CVE-2017-9232 was published May 13, 2022
A root privilege escalation vulnerability in the Sonus SBC 1000 / SBC 2000 / SBC SWe Lite web...
Critical | Unreviewed | CVE-2018-11541 was published May 13, 2022
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the...
Critical | Unreviewed | CVE-2018-5377 was published May 13, 2022
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in...
Critical | Unreviewed | CVE-2018-6000 was published May 13, 2022
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e...
Critical | Unreviewed | CVE-2018-7702 was published May 13, 2022
NuCom WR644GACV devices before STA006 allow an attacker to download the configuration file...
Critical | Unreviewed | CVE-2018-8755 was published May 13, 2022
Improper Input Validation vulnerability in Eskom Bilgisayar e-Belediye allows Information...
Critical | Unreviewed | CVE-2023-1114 was published Mar 1, 2023
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the...
Critical | Unreviewed | CVE-2023-26957 was published Mar 9, 2023
The Akuvox E11 libvoice library provides unauthenticated access to the camera capture for image...
Critical | Unreviewed | CVE-2023-0349 was published Mar 13, 2023
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740,...
Critical | Unreviewed | CVE-2023-27269 was published Mar 14, 2023
The WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to,...
Critical | Unreviewed | CVE-2022-4939 was published Apr 5, 2023
Missing authentication in ShenYu
Critical | CVE-2022-23944 was published for org.apache.shenyu:shenyu-common (Maven) Jan 28, 2022
Improper access control allows admin privilege escalation in Argo CD
Critical | CVE-2022-24768 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
ProTip! Advisories are also available from the GraphQL API.