Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,286
Erlang
31
GitHub Actions
21
Go
2,058
Maven
5,000+
npm
3,742
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

557 advisories

Loading
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24193 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24194 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP... High Unreviewed
CVE-2021-24188 was published May 24, 2022
A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not... Moderate Unreviewed
CVE-2020-10716 was published May 24, 2022
The wp_ajax_upload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34... High Unreviewed
CVE-2021-24311 was published May 24, 2022
An improper authorization flaw was discovered in openstack-selinux's applied policy where it does... Moderate Unreviewed
CVE-2020-1690 was published May 24, 2022
Magento Unauthorized access to restricted resources Moderate
CVE-2021-28563 was published for magento/community-edition (Composer) May 24, 2022
Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to... Critical Unreviewed
CVE-2021-32523 was published May 24, 2022
Obsidian does not require user confirmation for non-http/https URLs. Critical
CVE-2021-38148 was published for obsidian (npm) May 24, 2022
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is... Low Unreviewed
CVE-2021-28626 was published May 24, 2022
In Eclipse Mosquitto versions 2.0 to 2.0.11, when using the dynamic security plugin, if the... Moderate Unreviewed
CVE-2021-34434 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Moderate Unreviewed
CVE-2021-36037 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... Critical Unreviewed
CVE-2021-36029 was published May 24, 2022
Magento Improper Authorization vulnerability in the customers module Moderate
CVE-2021-28567 was published for magento/community-edition (Composer) May 24, 2022
TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the... High Unreviewed
CVE-2021-41975 was published May 24, 2022
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the... Critical Unreviewed
CVE-2021-41974 was published May 24, 2022
Tad Web is vulnerable to authorization bypass, thus remote attackers can exploit the... Moderate Unreviewed
CVE-2021-41568 was published May 24, 2022
Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers... Moderate Unreviewed
CVE-2021-41564 was published May 24, 2022
Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable... High Unreviewed
CVE-2021-39317 was published May 24, 2022
A vulnerability has been identified in SINEC NMS (All versions < V1.0 SP2 Update 1). An... Moderate Unreviewed
CVE-2021-33723 was published May 24, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self... High Unreviewed
CVE-2021-38486 was published May 24, 2022
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and... High Unreviewed
CVE-2021-39341 was published May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21693 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary... High Unreviewed
CVE-2021-40502 was published May 24, 2022
The “List View” function of ShinHer StudyOnline System is not under authority control. After... Moderate Unreviewed
CVE-2021-42332 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database