Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

181 advisories

Loading
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not... Critical Unreviewed
CVE-2021-24915 was published Nov 30, 2021
FURUNO FELCOM 250 and 500 devices allow unauthenticated users to change the password for the... Critical Unreviewed
CVE-2018-16591 was published May 13, 2022
Missing Authorization in FastReport Critical
CVE-2020-27998 was published for FastReport.OpenSource (NuGet) Aug 2, 2021
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node... Critical Unreviewed
CVE-2022-36642 was published Sep 3, 2022
Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. Critical Unreviewed
CVE-2022-44584 was published Nov 19, 2022
An issue was discovered in Tiny Issue 1.3.1 and pixeline Bugs through 1.3.2c. install/config... Critical Unreviewed
CVE-2019-9002 was published May 13, 2022
File system access via H2 in Apache Ignite Critical
CVE-2020-1963 was published for org.apache.ignite:ignite-core (Maven) Jun 5, 2020
An missing authorization vulnerability has been reported to affect QNAP device running Video... Critical Unreviewed
CVE-2021-44055 was published May 6, 2022
Missing Authorization in Filter Stream Converter Application of XWiki-platform Critical
CVE-2022-41937 was published for org.xwiki.platform:xwiki-platform-filter-ui (Maven) Nov 21, 2022
An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging... Critical Unreviewed
CVE-2022-41271 was published Dec 13, 2022
Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at... Critical Unreviewed
CVE-2022-37344 was published Sep 7, 2022
Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at... Critical Unreviewed
CVE-2022-36427 was published Sep 7, 2022
Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various... Critical Unreviewed
CVE-2021-43938 was published Apr 30, 2022
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows... Critical Unreviewed
CVE-2020-25366 was published May 24, 2022
Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken... Critical Unreviewed
CVE-2021-32172 was published May 24, 2022
Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect... Critical Unreviewed
CVE-2021-33924 was published May 24, 2022
BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an... Critical Unreviewed
CVE-2021-41729 was published May 24, 2022
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5... Critical Unreviewed
CVE-2021-37270 was published May 24, 2022
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31,... Critical Unreviewed
CVE-2021-37535 was published May 24, 2022
An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to... Critical Unreviewed
CVE-2020-18753 was published May 24, 2022
A vulnerability in TOTOLINK A720R A720R_Firmware v4.1.5cu.470_B20200911 allows attackers to start... Critical Unreviewed
CVE-2021-35327 was published May 24, 2022
A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before... Critical Unreviewed
CVE-2021-22891 was published May 24, 2022
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote unauthenticated users can... Critical Unreviewed
CVE-2021-27573 was published May 24, 2022
Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a... Critical Unreviewed
CVE-2021-26990 was published May 24, 2022
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise... Critical Unreviewed
CVE-2021-36888 was published Dec 16, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database