GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
566 advisories
Data leak in Canvas in Google Chrome prior to 99.0.4844.51 allowed a remote attacker who...
Moderate | Unreviewed | CVE-2022-0806 was published on Apr 6, 2022

In PermissionController, there is a possible permission bypass due to an unsafe PendingIntent....
Moderate | Unreviewed | CVE-2021-39757 was published on Mar 31, 2022

In Telephony, there is a possible way to determine whether an app is installed, without query...
Moderate | Unreviewed | CVE-2021-39777 was published on Mar 31, 2022

On unix-like systems, the system temporary directory is shared between all users on that system....
Moderate | Unreviewed | CVE-2021-22572 was published on Mar 30, 2022

Arbitrary file read vulnerability in Jenkins Tests Selector Plugin
Moderate | CVE-2022-28160 was published for org.jenkins-ci.plugins:selected-tests-executor (Maven) on Mar 30, 2022

OpenEMR v6.0.0 was discovered to contain an incorrect access control issue.
Moderate | Unreviewed | CVE-2022-25041 was published on Mar 25, 2022

GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the...
Moderate | Unreviewed | CVE-2021-27424 was published on Mar 24, 2022

Exposure of Sensitive Information to an Unauthorized Actor in OpenStack tripleo-heat-templates
Moderate | CVE-2021-4180 was published for tripleo-heat-templates (pip) on Mar 24, 2022

A permissions issue was addressed with improved validation. This issue is fixed in Security...
Moderate | Unreviewed | CVE-2022-22583 was published on Mar 19, 2022

This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A...
Moderate | Unreviewed | CVE-2022-22622 was published on Mar 19, 2022

The GSMA authentication panel could be presented on the lock screen. The issue was resolved by...
Moderate | Unreviewed | CVE-2022-22652 was published on Mar 19, 2022

The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed...
Moderate | Unreviewed | CVE-2021-43955 was published on Mar 17, 2022

In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log...
Moderate | Unreviewed | CVE-2021-39715 was published on Mar 17, 2022

IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and...
Moderate | Unreviewed | CVE-2020-4989 was published on Mar 16, 2022

Sensitive Information Exposure in Sylius
Moderate | CVE-2022-24742 was published for sylius/sylius (Composer) on Mar 14, 2022

Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially...
Moderate | Unreviewed | CVE-2021-26341 was published on Mar 12, 2022

Citrix Federated Authentication Service (FAS) 7.17 - 10.6 causes deployments that have been...
Moderate | Unreviewed | CVE-2022-26355 was published on Mar 11, 2022

HTTP caching is marking private HTTP headers as public in Shopware
Moderate | CVE-2022-24747 was published for shopware/core (Composer) on Mar 10, 2022

Remote Desktop Protocol Client Information Disclosure Vulnerability.
Moderate | Unreviewed | CVE-2022-24503 was published on Mar 10, 2022

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23...
Moderate | Unreviewed | CVE-2022-26317 was published on Mar 9, 2022

An issue was discovered in Zoho ManageEngine Key Manager Plus 6.1.6. A user, with the level...
Moderate | Unreviewed | CVE-2022-24446 was published on Mar 2, 2022

An improper input validation in Fortinet FortiGate version 6.4.3 and below, version 6.2.5 and...
Moderate | Unreviewed | CVE-2020-15936 was published on Mar 2, 2022

The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to...
Moderate | Unreviewed | CVE-2022-26159 was published on Mar 1, 2022

Exposure of Resource to Wrong Sphere in microweber
Moderate | CVE-2022-0762 was published for microweber/microweber (Composer) on Feb 27, 2022

In JetBrains TeamCity before 2021.2.1, an unauthenticated attacker can cancel running builds via...
Moderate | Unreviewed | CVE-2022-24336 was published on Feb 26, 2022