GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
191 advisories
An issue was discovered in Joomla! 4.0.0. The media manager does not correctly check the user's...
Critical | Unreviewed | CVE-2021-26040 was published May 24, 2022
ZStack is open source IaaS (infrastructure as a service) software aiming to automate datacenters,...
Critical | Unreviewed | CVE-2021-32829 was published May 24, 2022
Incorrect Access Control in Lin-CMS-Flask v0.1.1 allows remote attackers to obtain sensitive...
Critical | Unreviewed | CVE-2020-18701 was published May 24, 2022
Certain NETGEAR devices are affected by lack of access control at the function level. This...
Critical | Unreviewed | CVE-2021-38516 was published May 24, 2022
A vulnerability in the vae_admin_rule database table of vaeThink v1.0.1 allows attackers to...
Critical | Unreviewed | CVE-2020-19301 was published May 24, 2022
Insufficient policy enforcement in DevTools in Google Chrome prior to 92.0.4515.107 allowed an...
Critical | Unreviewed | CVE-2021-30571 was published May 24, 2022
There is a Permission Control Vulnerability in Huawei Smartphone. Successful exploitation of this...
Critical | Unreviewed | CVE-2021-22389 was published May 24, 2022
Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021...
Critical | Unreviewed | CVE-2021-25437 was published May 24, 2022
Tieline IP Audio Gateway 2.6.4.8 and below is affected by Incorrect Access Control. A...
Critical | Unreviewed | CVE-2021-35336 was published May 24, 2022
There is an arbitrary password modification vulnerability in a D-LINK DSL-2888A router product....
Critical | Unreviewed | CVE-2021-33346 was published May 24, 2022
An improper authorization vulnerability in Palo Alto Networks Cortex XSOAR enables a remote...
Critical | Unreviewed | CVE-2021-3044 was published May 24, 2022
White Shark System (WSS) 1.3.2 is vulnerable to unauthorized access via user_edit_password.php,...
Critical | Unreviewed | CVE-2020-20466 was published May 24, 2022
CODESYS V2 Web-Server before 1.1.9.20 has an Improperly Implemented Security Check.
Critical | Unreviewed | CVE-2021-30192 was published May 24, 2022
An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 ...
Critical | Unreviewed | CVE-2021-28799 was published May 24, 2022
IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 could allow a user to obtain sensitive...
Critical | Unreviewed | CVE-2021-20538 was published May 24, 2022
vscode-restructuredtext before 146.0.0 contains an incorrect access control vulnerability, where...
Critical | Unreviewed | CVE-2021-28793 was published May 24, 2022
The unofficial GLSL Linting extension before 1.4.0 for Visual Studio Code allows remote code...
Critical | Unreviewed | CVE-2021-30503 was published May 24, 2022
A ZTE product is impacted by improper access control vulnerability. The attacker could exploit...
Critical | Unreviewed | CVE-2021-21730 was published May 24, 2022
An authorization bypass vulnerability in Monitorr v1.7.6m in Monitorr/assets/config/_installation...
Critical | Unreviewed | CVE-2020-28872 was published May 24, 2022
Portainer 1.24.1 and earlier is affected by incorrect access control that may lead to remote...
Critical | Unreviewed | CVE-2020-24264 was published May 24, 2022
LDAP authentication in SAP HANA Database version 2.0 can be bypassed if the attached LDAP...
Critical | Unreviewed | CVE-2021-21484 was published May 24, 2022
Zoho ManageEngine Desktop Central before build 10.0.647 allows a single authentication secret...
Critical | Unreviewed | CVE-2020-28050 was published May 24, 2022
WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password.
Critical | Unreviewed | CVE-2021-3332 was published May 24, 2022
Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component...
Critical | Unreviewed | CVE-2019-11684 was published May 24, 2022
Mobile application "Testes de Codigo" 11.4 and prior allows an attacker to gain access to the...
Critical | Unreviewed | CVE-2021-25648 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.