Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,286
Erlang
31
GitHub Actions
21
Go
2,058
Maven
5,000+
npm
3,742
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

210 advisories

Loading
The management page of the Orca HCM digital learning platform does not perform identity... High Unreviewed
CVE-2021-35964 was published May 24, 2022
SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary... High Unreviewed
CVE-2021-40502 was published May 24, 2022
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and... High Unreviewed
CVE-2021-39341 was published May 24, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self... High Unreviewed
CVE-2021-38486 was published May 24, 2022
Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable... High Unreviewed
CVE-2021-39317 was published May 24, 2022
TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the... High Unreviewed
CVE-2021-41975 was published May 24, 2022
The wp_ajax_upload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34... High Unreviewed
CVE-2021-24311 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP... High Unreviewed
CVE-2021-24188 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24192 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24190 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24195 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP... High Unreviewed
CVE-2021-24191 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24193 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24194 was published May 24, 2022
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure... High Unreviewed
CVE-2020-27779 was published May 24, 2022
Missing permission check in Jenkins Pipeline Maven Integration Plugin allow capturing credentials High
CVE-2020-2234 was published for org.jenkins-ci.plugins:pipeline-maven (Maven) May 24, 2022
NotMyFault
A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could... High Unreviewed
CVE-2020-3267 was published May 24, 2022
Improper Authorization in Undertoe High
CVE-2020-1745 was published for io.undertow:undertow-core (Maven) May 24, 2022
Missing permission checks in Pipeline GitHub Notify Step Plugin allows capturing credentials High
CVE-2020-2117 was published for org.jenkins-ci.plugins:pipeline-githubnotify-step (Maven) May 24, 2022
NotMyFault
Missing permission checks in Jenkins Sounds Plugin allow OS command execution High
CVE-2020-2097 was published for org.jenkins-ci.plugins:sounds (Maven) May 24, 2022
NotMyFault
A vulnerability in the CLI of Cisco IOS XE Software could allow an authenticated, local attacker... High Unreviewed
CVE-2019-12671 was published May 24, 2022
A vulnerability in the web-based management interface of Cisco Adaptive Security Appliance (ASA)... High Unreviewed
CVE-2019-1934 was published May 24, 2022
bin/csvprocess in cPanel before 68.0.27 allows insecure file operations (SEC-354). High Unreviewed
CVE-2018-20945 was published May 24, 2022
cPanel before 11.54.0.4 allows arbitrary file-overwrite operations in scripts/quotacheck (SEC-81). High Unreviewed
CVE-2016-10848 was published May 24, 2022
cPanel before 11.54.0.0 allows unauthorized password changes via Webmail API commands (SEC-65). High Unreviewed
CVE-2016-10859 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database