Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,780
Erlang
36
GitHub Actions
29
Go
2,344
Maven
5,000+
npm
3,973
NuGet
719
pip
3,770
Pub
12
RubyGems
923
Rust
978
Swift
38
Unreviewed advisories
All unreviewed
5,000+

239 advisories

Loading
A missing authorization vulnerability exists in Citrix ShareFile Storage Zones Controller before... Critical Unreviewed
CVE-2021-22891 was published May 24, 2022
It has been discovered that redhat-certification does not perform an authorization check and it... Critical Unreviewed
CVE-2018-10866 was published May 24, 2022
IBM Planning Analytics Local 2.0 connects to a MongoDB server. MongoDB, a document-oriented... Critical Unreviewed
CVE-2020-4669 was published May 24, 2022
An issue was discovered in Emote Remote Mouse through 4.0.0.0. Remote unauthenticated users can... Critical Unreviewed
CVE-2021-27573 was published May 24, 2022
Cloud Manager versions prior to 3.9.4 are susceptible to a vulnerability that could allow a... Critical Unreviewed
CVE-2021-26990 was published May 24, 2022
** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access.... Critical Unreviewed
CVE-2021-28154 was published May 24, 2022
An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows... Critical Unreviewed
CVE-2021-28141 was published May 24, 2022
The ASUS DSL-N17U modem with firmware 1.1.0.2 allows attackers to access the admin interface by... Critical Unreviewed
CVE-2020-35219 was published May 24, 2022
An issue was discovered in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is... Critical Unreviewed
CVE-2020-29551 was published May 24, 2022
A CWE-862: Missing Authorization vulnerability exists in Easergy T300 (firmware 2.7 and older),... Critical Unreviewed
CVE-2020-28215 was published May 24, 2022
MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php... Critical Unreviewed
CVE-2020-29006 was published May 24, 2022
An authorization bypass and PHP local-file-include vulnerability in the installation component of... Critical Unreviewed
CVE-2020-7472 was published May 24, 2022
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to... Critical Unreviewed
CVE-2020-26823 was published May 24, 2022
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to... Critical Unreviewed
CVE-2020-26822 was published May 24, 2022
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to... Critical Unreviewed
CVE-2020-26821 was published May 24, 2022
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to... Critical Unreviewed
CVE-2020-26824 was published May 24, 2022
wp-includes/class-wp-xmlrpc-server.php in WordPress before 5.5.2 allows attackers to gain... Critical Unreviewed
CVE-2020-28036 was published May 24, 2022
A remote unauthorized access vulnerability was discovered in Aruba Airwave Software version(s):... Critical Unreviewed
CVE-2020-7124 was published May 24, 2022
In Bender COMTRAXX, user authorization is validated for most, but not all, routes in the system.... Critical Unreviewed
CVE-2019-19885 was published May 24, 2022
IBM Security Access Manager 9.0.7 and IBM Security Verify Access 10.0.0 could allow an... Critical Unreviewed
CVE-2020-4499 was published May 24, 2022
Arbitrary code execution vulnerability on Micro Focus Operation Bridge Reporter, affecting... Critical Unreviewed
CVE-2020-11856 was published May 24, 2022
A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>,... Critical Unreviewed
CVE-2020-6823 was published May 24, 2022
Total.js CMS RCE Vulnerability Critical
CVE-2019-15954 was published for total4 (npm) May 24, 2022
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The... Critical Unreviewed
CVE-2019-1010152 was published May 24, 2022
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The... Critical Unreviewed
CVE-2019-1010150 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database