GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
228 advisories
Filter by severity
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to...
Critical
Unreviewed
CVE-2021-38503
was published
Dec 9, 2021
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin...
Critical
Unreviewed
CVE-2021-43703
was published
Dec 10, 2021
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the...
Critical
Unreviewed
CVE-2021-39052
was published
Dec 14, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN...
Critical
Unreviewed
CVE-2021-20149
was published
Dec 31, 2021
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip...
Critical
Unreviewed
CVE-2021-28506
was published
Jan 15, 2022
A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services...
Critical
Unreviewed
CVE-2022-22167
was published
Jan 20, 2022
A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services...
Critical
Unreviewed
CVE-2022-22157
was published
Jan 20, 2022
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized...
Critical
Unreviewed
CVE-2020-4877
was published
Jan 22, 2022
IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control...
Critical
Unreviewed
CVE-2021-39070
was published
Feb 3, 2022
Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not...
Critical
Unreviewed
CVE-2022-24307
was published
Feb 10, 2022
There is an arbitrary address access vulnerability with the product line test code.Successful...
Critical
Unreviewed
CVE-2021-39994
was published
Feb 11, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
Critical
Unreviewed
CVE-2022-21196
was published
Feb 19, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
Critical
Unreviewed
CVE-2022-21141
was published
Feb 19, 2022
An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify...
Critical
Unreviewed
CVE-2022-25402
was published
Feb 25, 2022
Zoho ManageEngine SharePoint Manager Plus before 4329 allows account takeover because...
Critical
Unreviewed
CVE-2022-24306
was published
Mar 3, 2022
The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business...
Critical
Unreviewed
CVE-2022-26143
was published
Mar 11, 2022
Luocms v2.0 is affected by an incorrect access control vulnerability. Through /admin/templates...
Critical
Unreviewed
CVE-2022-24609
was published
Mar 11, 2022
The public API error causes for the attacker to be able to bypass API access control.
Critical
Unreviewed
CVE-2022-23730
was published
Mar 12, 2022
Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).
Critical
Unreviewed
CVE-2022-26501
was published
Mar 18, 2022
An Access Control vulnerability exists in SoroushPlus+ Messenger 1.0.30 in the Lock Screen...
Critical
Unreviewed
CVE-2022-26629
was published
Mar 25, 2022
EyouCMS v1.5.5 was discovered to have no access control in the component /data/sqldata.
Critical
Unreviewed
CVE-2022-26279
was published
Mar 26, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14...
Critical
Unreviewed
CVE-2022-0735
was published
Mar 29, 2022
After Automation Direct CLICK PLC CPU Modules: C0-1x CPUs with firmware prior to v3.00 is...
Critical
Unreviewed
CVE-2021-32986
was published
Apr 5, 2022
aEnrich a+HRD has inadequate privilege restrictions, an unauthenticated remote attacker can use...
Critical
Unreviewed
CVE-2022-26676
was published
Apr 8, 2022
An unauthorized file deletion vulnerability in Telesquare TLR-2855KS6 via DELETE method can allow...
Critical
Unreviewed
CVE-2021-46419
was published
Apr 8, 2022
ProTip!
Advisories are also available from the
GraphQL API