Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,091 advisories

Loading
A privilege escalation vulnerability in FortiNAC versions 8.8.8 and below and 9.1.2 and below may... High Unreviewed
CVE-2021-41021 was published Dec 9, 2021
APM Java Agent Local Privilege Escalation High
CVE-2021-37941 was published for elastic-apm (pip) Dec 9, 2021
Improper Privilege Management in devise_masquerade High
CVE-2021-28680 was published for devise_masquerade (RubyGems) Dec 8, 2021
There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone... High Unreviewed
CVE-2021-37091 was published Dec 8, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file... High Unreviewed
CVE-2021-43034 was published Dec 7, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged... High Unreviewed
CVE-2021-43040 was published Dec 7, 2021
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could... High Unreviewed
CVE-2021-44019 was published Dec 4, 2021
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could... High Unreviewed
CVE-2021-44020 was published Dec 4, 2021
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could... High Unreviewed
CVE-2021-44021 was published Dec 4, 2021
Improper Privilege Management in Concrete CMS High
CVE-2021-22966 was published for concrete5/core (Composer) Nov 23, 2021
certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address... High Unreviewed
CVE-2021-28710 was published Nov 22, 2021
Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege... High Unreviewed
CVE-2021-36307 was published Nov 21, 2021
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested... High Unreviewed
CVE-2021-44038 was published Nov 20, 2021
Insufficient security control vulnerability in internal database access mechanism of Hitachi... High Unreviewed
CVE-2021-35534 was published Nov 19, 2021
Improper privilege management in Keycloak High
CVE-2020-14389 was published for org.keycloak:keycloak-core (Maven) Nov 10, 2021
Permissions bypass in pleaser High
CVE-2021-31155 was published for pleaser (Rust) Aug 25, 2021
michaelkedar
Privilege escalation via form generator High
CVE-2021-37627 was published for contao/contao (Composer) Aug 23, 2021
ausi
Improper Privilege Management in HashiCorp Nomad High
CVE-2021-3283 was published for github.com/hashicorp/nomad (Go) Jun 24, 2021
Privilege escalation in spring security High
CVE-2021-22112 was published for org.springframework.security:spring-security-bom (Maven) May 10, 2021
Incorrect Session Validation in Apache Airflow High
CVE-2020-17526 was published for apache-airflow (pip) Apr 20, 2021
sunSUNQ
Any logged in user could edit any other logged in user. High
CVE-2021-29452 was published for @curveball/a12n-server (npm) Apr 19, 2021
Privilage Escalation in moodle High
CVE-2020-25699 was published for moodle/moodle (Composer) Mar 29, 2021
npm Vulnerable to Global node_modules Binary Overwrite High
CVE-2019-16777 was published for npm (npm) Dec 13, 2019
DanielRuf
Improper Privilege Management in org.apache.hadoop:hadoop-main High
CVE-2018-11767 was published for org.apache.hadoop:hadoop-main (Maven) Mar 25, 2019
dwebp-bin downloads Resources over HTTP High
CVE-2016-10633 was published for dwebp-bin (npm) Feb 18, 2019
ProTip! Advisories are also available from the GraphQL API