GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,056
Erlang: 29
GitHub Actions: 19
Go: 1,889
Maven: 5,000+
npm: 3,618
NuGet: 638
pip: 3,231
Pub: 10
RubyGems: 854
Rust: 817
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
257 advisories

JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to...
Critical | Unreviewed | CVE-2022-0668 was published Jan 8, 2023

Improper Privilege Management in rdiffweb
Critical | CVE-2022-4314 was published for rdiffweb (pip) Dec 12, 2022

A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that...
Critical | Unreviewed | CVE-2022-27773 was published Dec 6, 2022

An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to...
Critical | Unreviewed | CVE-2022-44929 was published Dec 2, 2022

Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation...
Critical | Unreviewed | CVE-2022-37016 was published Dec 1, 2022

Dolibarr vulnerable to privilege escalation
Critical | CVE-2022-43138 was published for dolibarr/dolibarr (Composer) Nov 17, 2022

The system framework layer has a vulnerability of serialization/deserialization mismatch....
Critical | Unreviewed | CVE-2022-44562 was published Nov 10, 2022

Vela Insecure Defaults
Critical | CVE-2022-39395 was published for github.com/go-vela/server (Go) Nov 9, 2022

Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability.
Critical | Unreviewed | CVE-2022-37968 was published Oct 12, 2022

An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9...
Critical | Unreviewed | CVE-2022-36536 was published Sep 17, 2022

Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6...
Critical | Unreviewed | CVE-2022-36793 was published Sep 10, 2022

Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at...
Critical | Unreviewed | CVE-2022-34858 was published Aug 23, 2022

In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all...
Critical | Unreviewed | CVE-2022-35243 was published Aug 5, 2022

The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the...
Critical | Unreviewed | CVE-2022-2317 was published Aug 2, 2022

The www-data (Apache web server) account is configured to run sudo with no password for many...
Critical | Unreviewed | CVE-2022-2104 was published Jun 25, 2022

The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root...
Critical | Unreviewed | CVE-2022-32535 was published Jun 24, 2022

Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4.
Critical | Unreviewed | CVE-2022-2023 was published Jun 21, 2022

A vulnerability, which was classified as critical, was found in AXIS P1204, P3225, P3367, M3045,...
Critical | Unreviewed | CVE-2017-20049 was published Jun 16, 2022

OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect access control, resulting in...
Critical | Unreviewed | CVE-2022-32272 was published Jun 10, 2022

A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been classified as critical. This...
Critical | Unreviewed | CVE-2017-20028 was published Jun 10, 2022

A vulnerability classified as critical has been found in Demokratian. This affects an unknown...
Critical | Unreviewed | CVE-2020-36542 was published Jun 8, 2022

Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration"...
Critical | Unreviewed | CVE-2021-21502 was published May 24, 2022

Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges.
Critical | Unreviewed | CVE-2021-30132 was published May 24, 2022

Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22...
Critical | Unreviewed | CVE-2021-25508 was published May 24, 2022

An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel...
Critical | Unreviewed | CVE-2020-5955 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.