GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
366 advisories
Filter by severity
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to...
High
Unreviewed
CVE-2021-24739
was published
Dec 22, 2021
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app...
High
Unreviewed
CVE-2022-22288
was published
Jan 11, 2022
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to...
Low
Unreviewed
CVE-2022-22272
was published
Jan 11, 2022
An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by...
High
Unreviewed
CVE-2021-28500
was published
Jan 15, 2022
Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers...
Moderate
Unreviewed
CVE-2022-24002
was published
Feb 12, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
Critical
Unreviewed
CVE-2022-21196
was published
Feb 19, 2022
Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.
Moderate
Unreviewed
CVE-2022-0726
was published
Feb 24, 2022
Improper Authorization in GitHub repository webmin/webmin prior to 1.990.
High
Unreviewed
CVE-2022-0829
was published
Mar 3, 2022
Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
Moderate
Unreviewed
CVE-2022-0756
was published
Mar 8, 2022
Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.
Moderate
Unreviewed
CVE-2022-0821
was published
Mar 12, 2022
Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.
Moderate
Unreviewed
CVE-2022-0406
was published
Apr 4, 2022
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker...
High
Unreviewed
CVE-2022-28776
was published
Apr 12, 2022
The SiteGround Security plugin for WordPress is vulnerable to authentication bypass that allows...
Critical
Unreviewed
CVE-2022-0993
was published
Apr 20, 2022
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level...
High
Unreviewed
CVE-2021-43939
was published
Apr 29, 2022
An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables...
Moderate
Unreviewed
CVE-2022-0027
was published
May 12, 2022
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions...
Moderate
Unreviewed
CVE-2018-14662
was published
May 13, 2022
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and...
High
Unreviewed
CVE-2016-1000219
was published
May 13, 2022
A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA)...
High
Unreviewed
CVE-2018-15465
was published
May 13, 2022
Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's...
Moderate
Unreviewed
CVE-2016-9575
was published
May 13, 2022
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on...
Moderate
Unreviewed
CVE-2016-9464
was published
May 13, 2022
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions...
High
Unreviewed
CVE-2016-7071
was published
May 13, 2022
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its...
High
Unreviewed
CVE-2016-7035
was published
May 13, 2022
IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive...
Moderate
Unreviewed
CVE-2016-0373
was published
May 13, 2022
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and...
Critical
Unreviewed
CVE-2015-3954
was published
May 13, 2022
AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI...
Critical
Unreviewed
CVE-2015-5463
was published
May 14, 2022
ProTip!
Advisories are also available from the
GraphQL API