Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

236 advisories

Loading
Canonical snapd before version 2.37.1 incorrectly performed socket owner validation, allowing an... Critical Unreviewed
CVE-2019-7304 was published May 24, 2022
Sandbox bypass in ontrack Jenkins Plugin Critical
CVE-2019-10306 was published for org.jenkins-ci.plugins:ontrack (Maven) May 24, 2022
westonsteimel
Authorization bypass in Spring Security Critical
CVE-2022-22978 was published for org.springframework.security:spring-security-core (Maven) May 20, 2022
secjoker
An improper authorization vulnerability exists In Schneider Electric's 66074 MGE Network... Critical Unreviewed
CVE-2018-7245 was published May 13, 2022
In Webgalamb through 7.0, system/ajax.php functionality is supposed to be available only to the... Critical Unreviewed
CVE-2018-19515 was published May 13, 2022
The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports... Critical Unreviewed
CVE-2018-18815 was published May 13, 2022
Incorrect access control in nasapi in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to... Critical Unreviewed
CVE-2018-13324 was published May 13, 2022
WebExtensions bundled with embedded experiments were not correctly checked for proper... Critical Unreviewed
CVE-2018-12369 was published May 13, 2022
OpenFlow version 1.0 onwards contains a Denial of Service and Improper authorization... Critical Unreviewed
CVE-2018-1000155 was published May 13, 2022
An Improper Authorization issue was discovered in OSIsoft PI Integrator for Business Analytics... Critical Unreviewed
CVE-2017-9653 was published May 13, 2022
Red Hat 3scale (aka RH-3scale) API Management Platform (AMP) before 2.0.0 would permit creation... Critical Unreviewed
CVE-2017-7512 was published May 13, 2022
Splunk Web in Splunk Enterprise 7.0.x before 7.0.0.1, 6.6.x before 6.6.3.2, 6.5.x before 6.5.6, 6... Critical Unreviewed
CVE-2017-17067 was published May 13, 2022
An Improper Authorization issue was discovered in PHOENIX CONTACT FL SWITCH 3xxx, 4xxx, and 48xxx... Critical Unreviewed
CVE-2017-16743 was published May 13, 2022
It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform... Critical Unreviewed
CVE-2017-7470 was published May 13, 2022
Pro Features Lock Bypass vulnerability in Countdown & Clock plugin <= 2.3.2 at WordPress. Critical Unreviewed
CVE-2022-29423 was published May 7, 2022
Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an... Critical Unreviewed
CVE-2022-20777 was published May 5, 2022
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before... Critical Unreviewed
CVE-2022-29906 was published Apr 30, 2022
Zoho ManageEngine Access Manager Plus before 4302, Password Manager Pro before 12007, and PAM360... Critical Unreviewed
CVE-2022-29081 was published Apr 29, 2022
Keycloak vulnerable to privilege escalation on Token Exchange feature Critical
CVE-2022-1245 was published for org.keycloak:keycloak-services (Maven) Apr 26, 2022
knutz3n kurt-r2c
Joomla! Core is prone to a security bypass vulnerability. Exploiting this issue may allow... Critical Unreviewed
CVE-2010-1435 was published Apr 21, 2022
IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read... Critical Unreviewed
CVE-2010-2548 was published Apr 21, 2022
An incorrect access control issue at /admin/run_ajax.php in zbzcms v1.0 allows attackers to... Critical Unreviewed
CVE-2022-27128 was published Apr 11, 2022
An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow... Critical Unreviewed
CVE-2021-46419 was published Apr 8, 2022
aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use... Critical Unreviewed
CVE-2022-26676 was published Apr 8, 2022
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is... Critical Unreviewed
CVE-2021-32986 was published Apr 5, 2022
ProTip! Advisories are also available from the GraphQL API