GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
554 advisories
Filter by severity
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting...
High
Unreviewed
CVE-2022-2536
was published
Dec 15, 2022
Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker...
High
Unreviewed
CVE-2022-39902
was published
Dec 8, 2022
Quarkus CORS filter allows simple GET and POST requests with an invalid Origin to proceed
High
CVE-2022-4147
was published
for
io.quarkus:quarkus-vertx-http
(Maven)
Dec 6, 2022
A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this...
High
Unreviewed
CVE-2022-4281
was published
Dec 5, 2022
Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1...
High
Unreviewed
CVE-2022-39883
was published
Nov 10, 2022
Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows...
Low
Unreviewed
CVE-2022-39879
was published
Nov 10, 2022
A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact...
Critical
Unreviewed
CVE-2022-27583
was published
Nov 1, 2022
OpenFGA Authorization Bypass via tupleset wildcard
Moderate
CVE-2022-39341
was published
for
github.com/openfga/openfga
(Go)
Oct 25, 2022
OpenFGA Authorization Bypass
Moderate
CVE-2022-39342
was published
for
github.com/openfga/openfga
(Go)
Oct 25, 2022
OpenFGA subject to Information Disclosure via streamed-list-objects endpoint
Moderate
CVE-2022-39340
was published
for
github.com/openfga/openfga
(Go)
Oct 25, 2022
Field-level access-control bypass for multiselect field
Critical
CVE-2022-39322
was published
for
@keystone-6/core
(npm)
Oct 18, 2022
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control...
Moderate
Unreviewed
CVE-2022-34434
was published
Oct 11, 2022
Apache Airflow may allow authenticated users who have been deactivated to continue using the UI or API
High
CVE-2022-41672
was published
for
apache-airflow
(pip)
Oct 7, 2022
Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows...
Moderate
Unreviewed
CVE-2022-39873
was published
Oct 7, 2022
Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and...
Critical
Unreviewed
CVE-2022-39862
was published
Oct 7, 2022
Bytebase allows low-privilege users to view admin projects
Moderate
CVE-2022-32170
was published
for
github.com/bytebase/bytebase
(Go)
Sep 29, 2022
XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference
High
CVE-2022-31167
was published
for
org.xwiki.platform:xwiki-platform-security
(Maven)
Sep 20, 2022
Harbor fails to validate the user permissions when updating a robot account
Moderate
CVE-2022-31667
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
Harbor fails to validate the user permissions when updating tag immutability policies
Moderate
CVE-2022-31669
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
Harbor fails to validate the user permissions when viewing Webhook policies
High
CVE-2022-31666
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
Harbor fails to validate the user permissions when updating tag retention policies
High
CVE-2022-31670
was published
for
github.com/goharbor/harbor
(Go)
Sep 16, 2022
XWiki Platform Improper Authorization check for inactive users
High
CVE-2022-36090
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Sep 16, 2022
Netmaker vulnerable to Insufficient Granularity of Access Control
High
CVE-2022-36110
was published
for
github.com/gravitl/netmaker
(Go)
Sep 15, 2022
Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy...
High
Unreviewed
CVE-2022-29490
was published
Sep 13, 2022
Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows...
Low
Unreviewed
CVE-2022-36857
was published
Sep 10, 2022
ProTip!
Advisories are also available from the
GraphQL API