Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,383
Erlang
33
GitHub Actions
22
Go
2,141
Maven
5,000+
npm
3,803
NuGet
687
pip
3,479
Pub
12
RubyGems
897
Rust
898
Swift
38
Unreviewed advisories
All unreviewed
5,000+

199 advisories

Loading
SonicWall SMA1000 series firmware 12.4.0, 12.4.1-02965 and earlier versions incorrectly restricts... Critical Unreviewed
CVE-2022-22282 was published May 14, 2022
Keycloak vulnerable to privilege escalation on Token Exchange feature Critical
CVE-2022-1245 was published for org.keycloak:keycloak-services (Maven) Apr 26, 2022
knutz3n kurt-r2c
Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3. Critical Unreviewed
CVE-2022-3993 was published Nov 14, 2022
Dex vulnerable to Man-in-the-Middle allowing ID token capture via intercepted authorization code Critical
CVE-2022-39222 was published for github.com/dexidp/dex (Go) Oct 3, 2022
joernchen bobcallaway
haydentherapper
Total.js CMS RCE Vulnerability Critical
CVE-2019-15954 was published for total4 (npm) May 24, 2022
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate... Critical Unreviewed
CVE-2022-0885 was published Jun 14, 2022
Access control issue in ezsystems/ezpublish-kernel Critical
CVE-2022-48367 was published for ezsystems/ezpublish-kernel (Composer) Mar 12, 2023
Unintended read access in kramdown gem Critical
CVE-2020-14001 was published for kramdown (RubyGems) Aug 7, 2020
Authorization bypass in Strapi Critical
CVE-2020-27664 was published for strapi (npm) May 10, 2021
Kubernetes Privilege Escalation Critical
CVE-2017-1000056 was published for k8s.io/kubernetes (Go) May 12, 2021
Improper Input Validation in net.sf.robocode:robocode.host allows for external service interaction Critical
CVE-2019-10648 was published for net.sf.robocode:robocode.host (Maven) Apr 2, 2019
Pebble Templates Improper Input Validation vulnerability Critical
CVE-2019-19899 was published for io.pebbletemplates:pebble-project (Maven) May 24, 2022
An issue was discovered in the Boomerang Parental Control application through 13.83 for Android.... Critical Unreviewed
CVE-2023-36621 was published Nov 3, 2023
Exposure of sensitive information in Apache Ozone Critical
CVE-2021-39231 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21694 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21689 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21688 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity... Critical Unreviewed
CVE-2023-48417 was published Dec 11, 2023
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21695 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the... Critical Unreviewed
CVE-2023-50976 was published Dec 18, 2023
The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for... Critical Unreviewed
CVE-2023-5877 was published Jan 1, 2024
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via... Critical Unreviewed
CVE-2023-47458 was published Jan 2, 2024
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress... Critical Unreviewed
CVE-2023-6875 was published Jan 11, 2024
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious... Critical Unreviewed
CVE-2023-34063 was published Jan 16, 2024
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN... Critical Unreviewed
CVE-2023-20252 was published Sep 27, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database