GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 4,077
  Erlang: 29
  GitHub Actions: 19
  Go: 1,903
  Maven: 5,000+
  npm: 3,632
  NuGet: 638
  pip: 3,249
  Pub: 10
  RubyGems: 864
  Rust: 818
  Swift: 35
Unreviewed advisories
  All unreviewed: 5,000+

236 advisories

In Festo Controller CECC-X-M1 product family in multiple versions, the http-endpoint "cecc-x-web...
  Critical, Unreviewed. CVE-2022-30309 was published Jun 14, 2022

Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability due to an...
  Critical, Unreviewed. CVE-2022-25237 was published Jun 3, 2022

An access control issue in Linglong v1.0 allows attackers to access the background of the...
  Critical, Unreviewed. CVE-2022-29633 was published May 27, 2022

TrueStack Direct Connect 1.4.7 has Incorrect Access Control.
  Critical, Unreviewed. CVE-2022-23775 was published May 26, 2022

Zoho ManageEngine ADManager Plus before 7115 is vulnerable to a filter bypass that leads to file...
  Critical, Unreviewed. CVE-2021-42002 was published May 24, 2022

OWASP ModSecurity Core Rule Set 3.1.x before 3.1.2, 3.2.x before 3.2.1, and 3.3.x before 3.3.2 is...
  Critical, Unreviewed. CVE-2021-35368 was published May 24, 2022

An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth,...
  Critical, Unreviewed. CVE-2021-42837 was published May 24, 2022

Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
  Critical. CVE-2021-21693 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022

Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
  Critical. CVE-2021-21692 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022

Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
  Critical. CVE-2021-21691 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022

ManageEngine Log360 Builds < 5235 are affected by an improper access control vulnerability...
  Critical, Unreviewed. CVE-2021-20136 was published May 24, 2022

Potential security vulnerabilities have been discovered on a certain HP LaserJet Pro printer that...
  Critical, Unreviewed. CVE-2021-3705 was published May 24, 2022

Penguin Aurora TV Box 41502 is a high-end network HD set-top box produced by Tencent Video and...
  Critical, Unreviewed. CVE-2021-41873 was published May 24, 2022

A path traversal vulnerability in the Moxa MXview Network Management software Versions 3.x to 3.2...
  Critical, Unreviewed. CVE-2021-38454 was published May 24, 2022

Integria IMS login check uses a loose comparator ("==") to compare the MD5 hash of the password...
  Critical, Unreviewed. CVE-2021-3833 was published May 24, 2022

Blockstream c-lightning through 0.10.1 allows loss of funds because of dust HTLC exposure.
  Critical, Unreviewed. CVE-2021-41592 was published May 24, 2022

ACINQ Eclair before 0.6.3 allows loss of funds because of dust HTLC exposure.
  Critical, Unreviewed. CVE-2021-41591 was published May 24, 2022

There is a flaw in the code used to configure the internal gateway firewall when the gateway's...
  Critical, Unreviewed. CVE-2020-12030 was published May 24, 2022

Couchbase Server 6.5.x and 6.6.x through 6.6.2 has Incorrect Access Control. Externally managed...
  Critical, Unreviewed. CVE-2021-35943 was published May 24, 2022

UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the...
  Critical, Unreviewed. CVE-2020-21124 was published May 24, 2022

A vulnerability in versions 10.1 through 10.5 of Johnson Controls CEM Systems AC2000 allows a...
  Critical, Unreviewed. CVE-2021-27663 was published May 24, 2022

Zoho ManageEngine ADSelfService Plus 6103 and prior is vulnerable to admin portal access...
  Critical, Unreviewed. CVE-2021-37421 was published May 24, 2022

A vulnerability in an API endpoint of Cisco Application Policy Infrastructure Controller (APIC)...
  Critical, Unreviewed. CVE-2021-1577 was published May 24, 2022

An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's...
  Critical, Unreviewed. CVE-2021-26040 was published May 24, 2022

OpenStack Neutron vulnerable to hardware address impersonation
  Critical. CVE-2021-38598 was published for neutron (pip) May 24, 2022

ProTip! Advisories are also available from the GraphQL API