GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
268 advisories
An improper authorization flaw was discovered in openstack-selinux's applied policy where it does...
Moderate | Unreviewed | CVE-2020-1690 was published May 24, 2022
Magento Unauthorized access to restricted resources
Moderate | CVE-2021-28563 was published for magento/community-edition (Composer) May 24, 2022
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the...
Moderate | Unreviewed | CVE-2021-34434 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
Moderate | Unreviewed | CVE-2021-36037 was published May 24, 2022
Magento Improper Authorization vulnerability in the customers module
Moderate | CVE-2021-28567 was published for magento/community-edition (Composer) May 24, 2022
Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the...
Moderate | Unreviewed | CVE-2021-41568 was published May 24, 2022
Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers...
Moderate | Unreviewed | CVE-2021-41564 was published May 24, 2022
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An...
Moderate | Unreviewed | CVE-2021-33723 was published May 24, 2022
The “List View” function of ShinHer StudyOnline System is not under authority control. After...
Moderate | Unreviewed | CVE-2021-42332 was published May 24, 2022
The permission control of AIFU cashier management salary query function can be bypassed, thus...
Moderate | Unreviewed | CVE-2021-42337 was published May 24, 2022
The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a...
Moderate | Unreviewed | CVE-2021-42336 was published May 24, 2022
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control....
Moderate | Unreviewed | CVE-2021-42331 was published May 24, 2022
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to access...
Moderate | Unreviewed | CVE-2022-30730 was published Jun 8, 2022
RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization...
Moderate | Unreviewed | CVE-2022-30670 was published Jun 17, 2022
Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local...
Moderate | Unreviewed | CVE-2022-33702 was published Jul 13, 2022
A flaw was found in pki-core, which could allow a user to get a certificate for another user...
Moderate | Unreviewed | CVE-2022-2393 was published Jul 15, 2022
Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0...
Moderate | Unreviewed | CVE-2022-2675 was published Aug 6, 2022
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting...
Moderate | Unreviewed | CVE-2022-2461 was published Sep 7, 2022
Harbor fails to validate the user permissions when reading job execution logs through the P2P preheat execution logs
Moderate | CVE-2022-31671 was published for github.com/goharbor/harbor (Go) Sep 9, 2022
Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1...
Moderate | Unreviewed | CVE-2022-36848 was published Sep 10, 2022
Harbor fails to validate the user permissions when updating tag immutability policies
Moderate | CVE-2022-31669 was published for github.com/goharbor/harbor (Go) Sep 16, 2022
Harbor fails to validate the user permissions when updating a robot account
Moderate | CVE-2022-31667 was published for github.com/goharbor/harbor (Go) Sep 16, 2022
Bytebase allows low-privilege users to view admin projects
Moderate | CVE-2022-32170 was published for github.com/bytebase/bytebase (Go) Sep 29, 2022
Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows...
Moderate | Unreviewed | CVE-2022-39873 was published Oct 7, 2022
Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control...
Moderate | Unreviewed | CVE-2022-34434 was published Oct 11, 2022