Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,783
Erlang
36
GitHub Actions
29
Go
2,353
Maven
5,000+
npm
3,977
NuGet
720
pip
3,774
Pub
12
RubyGems
923
Rust
981
Swift
38
Unreviewed advisories
All unreviewed
5,000+

1,005 advisories

Loading
Gitea Missing Authorization vulnerability High
CVE-2022-0905 was published for code.gitea.io/gitea (Go) Mar 11, 2022
Duplicate Advisory: Improper Authorization in Gogs High
GHSA-65f3-3278-7m65 was published for gogs.io/gogs (Go) Mar 12, 2022 withdrawn
Gogs vulnerable to improper PAM authorization handling High
CVE-2022-0871 was published for gogs.io/gogs (Go) Mar 14, 2022
ysf
CSRF vulnerability and missing permission checks in Jenkins kubernetes-cd Plugin allow capturing credentials High
CVE-2022-27211 was published for org.jenkins-ci.plugins:kubernetes-cd (Maven) Mar 16, 2022
NotMyFault
The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper... High Unreviewed
CVE-2022-0229 was published Mar 22, 2022
idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the... High Unreviewed
CVE-2022-27333 was published Mar 23, 2022
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid... High Unreviewed
CVE-2021-3814 was published Mar 26, 2022
Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access... High Unreviewed
CVE-2022-27658 was published Mar 29, 2022
In Settings, there is a possible way to add an auto-connect WiFi network without the user's... High Unreviewed
CVE-2021-39768 was published Mar 31, 2022
In WindowManager, there is a possible way to start a foreground activity from the background due... High Unreviewed
CVE-2021-39758 was published Mar 31, 2022
An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk... High Unreviewed
CVE-2020-23349 was published Apr 6, 2022
An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver... High Unreviewed
CVE-2022-27669 was published Apr 13, 2022
A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP... High Unreviewed
CVE-2022-27480 was published Apr 13, 2022
Insecure plugin handling in Mattermost High
CVE-2022-1384 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 20, 2022
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of... High Unreviewed
CVE-2022-1329 was published Apr 20, 2022
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5... High Unreviewed
CVE-2006-4483 was published May 1, 2022
The filefield_file_download function in FileField 6.x-3.1, a module for Drupal, does not properly... High Unreviewed
CVE-2009-3781 was published May 2, 2022
The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks... High Unreviewed
CVE-2022-0952 was published May 3, 2022
The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place... High Unreviewed
CVE-2021-25002 was published May 3, 2022
In telephony, there is a possible way to disable receiving SMS messages due to a missing... High Unreviewed
CVE-2022-20093 was published May 4, 2022
In telephony, there is a possible way to disable receiving emergency broadcasts due to a missing... High Unreviewed
CVE-2022-20084 was published May 4, 2022
A vulnerability in the role-based access control (RBAC) functionality of the Brocade SANNav... High Unreviewed
CVE-2022-28165 was published May 7, 2022
In CarSetings, there is a possible to pair BT device bypassing user's consent due to a missing... High Unreviewed
CVE-2021-39738 was published May 11, 2022
The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper... High Unreviewed
CVE-2022-1442 was published May 11, 2022
SAP NetWeaver Application Server for ABAP and ABAP Platform do not perform necessary... High Unreviewed
CVE-2022-29611 was published May 12, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database