GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,056
Erlang: 29
GitHub Actions: 19
Go: 1,889
Maven: 5,000+
npm: 3,618
NuGet: 638
pip: 3,231
Pub: 10
RubyGems: 854
Rust: 817
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
3,288 advisories
Zoho ManageEngine Desktop Central before 10.1.2137.10 allows an authenticated user to change any...
Moderate | Unreviewed | CVE-2022-23863 was published Jan 29, 2022

There is a privilege escalation vulnerability in some webOS TVs. Due to wrong setting...
High | Unreviewed | CVE-2022-23727 was published Jan 29, 2022

Improper Privilege Management in apache-airflow
Moderate | CVE-2021-45230 was published for apache-airflow (pip) Jan 28, 2022

loguru vulnerable to improper privilege management
Moderate | CVE-2022-0338 was published for loguru (pip) Jan 26, 2022

Escalation of privileges vulnerability in Micro Focus in Micro Focus Operations Agent, affecting...
Low | Unreviewed | CVE-2021-38129 was published Jan 26, 2022

The Privilege Escalation vulnerability discovered in the WP Google Map WordPress plugin (versions...
Moderate | Unreviewed | CVE-2021-45729 was published Jan 26, 2022

In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter...
High | Unreviewed | CVE-2021-44981 was published Jan 25, 2022

An issue was discovered in COINS Construction Cloud 11.12. Due to logical flaws in the human...
High | Unreviewed | CVE-2021-45222 was published Jan 25, 2022

Rapid7 Insight Agent, versions prior to 3.1.3, suffer from an improper access control...
Low | Unreviewed | CVE-2021-4016 was published Jan 22, 2022

The Dell EMC Virtual Appliances before 9.2.2.2 contain undocumented user accounts. A local...
High | Unreviewed | CVE-2021-36339 was published Jan 22, 2022

Improper Privilege Management in shelljs
High | CVE-2022-0144 was published for shelljs (npm) Jan 21, 2022

Execution with Unnecessary Privileges in ipython
High | CVE-2022-21699 was published for ipython (pip) Jan 21, 2022

A privilege escalation vulnerability in the McAfee Agent prior to 5.7.5. McAfee Agent uses...
High | Unreviewed | CVE-2022-0166 was published Jan 20, 2022

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General)....
Moderate | Unreviewed | CVE-2022-21310 was published Jan 20, 2022

An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3...
Moderate | Unreviewed | CVE-2022-0090 was published Jan 19, 2022

An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5,...
Moderate | Unreviewed | CVE-2022-0125 was published Jan 19, 2022

An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit,...
Moderate | Unreviewed | CVE-2021-44840 was published Jan 19, 2022

CyberArk Endpoint Privilege Manager (EPM) through 11.5.3.328 before 2021-12-20 allows a local...
High | Unreviewed | CVE-2021-44049 was published Jan 16, 2022

In jit_memory_region.cc, there is a possible bypass of memory restrictions due to a logic error...
High | Unreviewed | CVE-2021-0959 was published Jan 15, 2022

In multiple methods of EuiccNotificationManager.java, there is a possible way to install existing...
High | Unreviewed | CVE-2021-39618 was published Jan 15, 2022

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions...
High | Unreviewed | CVE-2021-39621 was published Jan 15, 2022

In showCarrierAppInstallationNotification of EuiccNotificationManager.java, there is a possible...
High | Unreviewed | CVE-2021-39625 was published Jan 15, 2022

In doRead of SimpleDecodingSource.cpp, there is a possible out of bounds write due to an...
Critical | Unreviewed | CVE-2021-39623 was published Jan 15, 2022

In sendLegacyVoicemailNotification of LegacyModeSmsHandler.java, there is a possible permissions...
High | Unreviewed | CVE-2021-39627 was published Jan 15, 2022

In executeRequest of OverlayManagerService.java, there is a possible way to control fabricated...
High | Unreviewed | CVE-2021-39630 was published Jan 15, 2022

ProTip! Advisories are also available from the GraphQL API.