Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

726 advisories

Loading
Tryton Improper Access Control High
CVE-2019-10868 was published for trytond (pip) Apr 10, 2019
Undertow Missing Authorization when requesting a protected directory without trailing slash High
CVE-2019-10184 was published for io.undertow:undertow-servlet (Maven) Aug 1, 2019
Unauthenticated Access Via OAI-PMH High
CVE-2020-5228 was published for org.opencastproject:opencast-oaipmh-api (Maven) Jan 30, 2020
Exposure of Sensitive Information to an Unauthorized Actor in Doorkeeper High
CVE-2020-10187 was published for doorkeeper (RubyGems) May 7, 2020
stefansundin nbulaj
Missing Authorization in TeamPass High
CVE-2020-11671 was published for nilsteampassnet/teampass (Composer) Jul 26, 2021
Improper Authorization in Google OAuth Client High
CVE-2020-7692 was published for com.google.oauth-client:google-oauth-client (Maven) Sep 28, 2021
Missing Authorization with Default Settings in Dashboard UI High
CVE-2021-41238 was published for Hangfire.Core (NuGet) Nov 3, 2021
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens High
CVE-2021-39236 was published for org.apache.hadoop:hadoop-ozone-ozone-manager (Maven) Nov 23, 2021
Incorrect Authorization in Apache Ozone High
CVE-2021-39232 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari ... High Unreviewed
CVE-2021-20835 was published Nov 25, 2021
WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user.... High Unreviewed
CVE-2021-36917 was published Nov 25, 2021
The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in... High Unreviewed
CVE-2021-24914 was published Dec 7, 2021
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require... High Unreviewed
CVE-2021-34543 was published Dec 8, 2021
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5... High Unreviewed
CVE-2021-20865 was published Dec 14, 2021
SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary... High Unreviewed
CVE-2021-44233 was published Dec 15, 2021
An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will... High Unreviewed
CVE-2021-41066 was published Dec 15, 2021
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and... High Unreviewed
CVE-2021-27859 was published Dec 16, 2021
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and... High Unreviewed
CVE-2021-27857 was published Dec 16, 2021
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a... High Unreviewed
CVE-2021-27855 was published Dec 16, 2021
In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to... High Unreviewed
CVE-2021-1017 was published Dec 16, 2021
In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user... High Unreviewed
CVE-2021-0926 was published Dec 16, 2021
In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to... High Unreviewed
CVE-2021-0923 was published Dec 16, 2021
In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass... High Unreviewed
CVE-2021-0922 was published Dec 16, 2021
TCMAN GIM does not perform an authorization check when trying to access determined resources. A... High Unreviewed
CVE-2021-40853 was published Dec 18, 2021
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle... High Unreviewed
CVE-2021-37572 was published Dec 27, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database