Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,286
Erlang
31
GitHub Actions
21
Go
2,058
Maven
5,000+
npm
3,742
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

557 advisories

Loading
The management page of the Orca HCM digital learning platform does not perform identity... High Unreviewed
CVE-2021-35964 was published May 24, 2022
The permission control of AIFU cashier management salary query function can be bypassed, thus... Moderate Unreviewed
CVE-2021-42337 was published May 24, 2022
The learning history page of the Easytest is vulnerable by permission bypass. After obtaining a... Moderate Unreviewed
CVE-2021-42336 was published May 24, 2022
4MOSAn GCB Doctor’s login page has improper validation of Cookie, which allows an unauthenticated... Critical Unreviewed
CVE-2021-42338 was published May 24, 2022
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control.... Moderate Unreviewed
CVE-2021-42331 was published May 24, 2022
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control.... High Unreviewed
CVE-2021-42330 was published May 24, 2022
Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization... High Unreviewed
CVE-2022-26857 was published May 27, 2022
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess... Moderate Unreviewed
CVE-2022-30730 was published Jun 8, 2022
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access... High Unreviewed
CVE-2022-30746 was published Jun 8, 2022
Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications... High Unreviewed
CVE-2022-30717 was published Jun 8, 2022
A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0.... High Unreviewed
CVE-2022-2019 was published Jun 10, 2022
RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization... Moderate Unreviewed
CVE-2022-30670 was published Jun 17, 2022
Improper Authorization in Apache Shiro Critical
CVE-2022-32532 was published for org.apache.shiro:shiro-core (Maven) Jun 30, 2022
Improper Authorization in GitHub repository saltstack/salt prior to 3004.2. Unknown Unreviewed
CVE-2022-2282 was published Jul 2, 2022
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain... Low Unreviewed
CVE-2022-30757 was published Jul 13, 2022
Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access... Low Unreviewed
CVE-2022-33705 was published Jul 13, 2022
Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local... Moderate Unreviewed
CVE-2022-33702 was published Jul 13, 2022
A flaw was found in pki-core, which could allow a user to get a certificate for another user... Moderate Unreviewed
CVE-2022-2393 was published Jul 15, 2022
Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1. Critical Unreviewed
CVE-2022-2595 was published Aug 2, 2022
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it... High Unreviewed
CVE-2022-31609 was published Aug 6, 2022
Using off-the-shelf commodity hardware, the Unitree Go 1 robotics platform version H0.1.7 and H0... Moderate Unreviewed
CVE-2022-2675 was published Aug 6, 2022
Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged... High Unreviewed
CVE-2022-2661 was published Aug 17, 2022
Magento Improper Authorization vulnerability High
CVE-2022-34256 was published for magento/community-edition (Composer) Aug 17, 2022
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting... Moderate Unreviewed
CVE-2022-2461 was published Sep 7, 2022
Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8. High Unreviewed
CVE-2022-2901 was published Sep 7, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database