Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

257 advisories

Loading
JFrog Artifactory prior to 7.37.13 is vulnerable to Authentication Bypass, which can lead to... Critical Unreviewed
CVE-2022-0668 was published Jan 8, 2023
Improper Privilege Management in rdiffweb Critical
CVE-2022-4314 was published for rdiffweb (pip) Dec 12, 2022
A privilege escalation vulnerability is identified in Ivanti EPM (LANDesk Management Suite) that... Critical Unreviewed
CVE-2022-27773 was published Dec 6, 2022
An access control issue in D-Link DVG-G5402SP GE_1.03 allows unauthenticated attackers to... Critical Unreviewed
CVE-2022-44929 was published Dec 2, 2022
Symantec Endpoint Protection (Windows) agent may be susceptible to a Privilege Escalation... Critical Unreviewed
CVE-2022-37016 was published Dec 1, 2022
Dolibarr vulnerable to privilege escalation Critical
CVE-2022-43138 was published for dolibarr/dolibarr (Composer) Nov 17, 2022
The system framework layer has a vulnerability of serialization/deserialization mismatch.... Critical Unreviewed
CVE-2022-44562 was published Nov 10, 2022
Vela Insecure Defaults Critical
CVE-2022-39395 was published for github.com/go-vela/server (Go) Nov 9, 2022
Azure Arc-enabled Kubernetes cluster Connect Elevation of Privilege Vulnerability. Critical Unreviewed
CVE-2022-37968 was published Oct 12, 2022
An issue in the component post_applogin.php of Super Flexible Software GmbH & Co. KG Syncovery 9... Critical Unreviewed
CVE-2022-36536 was published Sep 17, 2022
Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin <= 3.9.6... Critical Unreviewed
CVE-2022-36793 was published Sep 10, 2022
Authentication Bypass vulnerability in miniOrange OAuth 2.0 client for SSO plugin <= 1.11.3 at... Critical Unreviewed
CVE-2022-34858 was published Aug 23, 2022
In BIG-IP Versions 16.1.x before 16.1.3, 15.1.x before 15.1.5.1, 14.1.x before 14.1.5, and all... Critical Unreviewed
CVE-2022-35243 was published Aug 5, 2022
The Simple Membership WordPress plugin before 4.1.3 allows user to change their membership at the... Critical Unreviewed
CVE-2022-2317 was published Aug 2, 2022
The www-data (Apache web server) account is configured to run sudo with no password for many... Critical Unreviewed
CVE-2022-2104 was published Jun 25, 2022
The Bosch Ethernet switch PRA-ES8P2S with software version 1.01.05 runs its web server with root... Critical Unreviewed
CVE-2022-32535 was published Jun 24, 2022
Incorrect Use of Privileged APIs in GitHub repository polonel/trudesk prior to 1.2.4. Critical Unreviewed
CVE-2022-2023 was published Jun 21, 2022
A vulnerability, which was classified as critical, was found in AXIS P1204, P3225, P3367, M3045,... Critical Unreviewed
CVE-2017-20049 was published Jun 16, 2022
OPSWAT MetaDefender Core (MDCore) before 5.1.2 has incorrect access control, resulting in... Critical Unreviewed
CVE-2022-32272 was published Jun 10, 2022
A vulnerability was found in HumHub 0.20.1/1.0.0-beta.3. It has been classified as critical. This... Critical Unreviewed
CVE-2017-20028 was published Jun 10, 2022
A vulnerability classified as critical has been found in Demokratian. This affects an unknown... Critical Unreviewed
CVE-2020-36542 was published Jun 8, 2022
Dell PowerScale OneFS versions 8.1.0 – 9.1.0 contain a "use of SSH key past account expiration"... Critical Unreviewed
CVE-2021-21502 was published May 24, 2022
Cloudera Manager 7.2.4 has Incorrect Access Control, allowing Escalation of Privileges. Critical Unreviewed
CVE-2021-30132 was published May 24, 2022
Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22... Critical Unreviewed
CVE-2021-25508 was published May 24, 2022
An issue was discovered in Int15MicrocodeSmm in Insyde InsydeH2O before 2021-10-14 on Intel... Critical Unreviewed
CVE-2020-5955 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API