Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,618
NuGet
638
pip
3,231
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

871 advisories

Loading
Privilege Escalation Flaw in Elasticsearch Moderate
CVE-2020-7014 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Improper Access Control in Apache Airflow Moderate
CVE-2021-26559 was published for apache-airflow (pip) Apr 7, 2021
sunSUNQ
Creation of Temporary File in Directory with Insecure Permissions in auto-generated Java, Scala code Moderate
CVE-2021-21430 was published for org.openapitools:openapi-generator (Maven) May 11, 2021
JLLeitschuh
Privilege Escalation in Cloud Native Computing Foundation Harbor Moderate
CVE-2019-19023 was published for github.com/goharbor/harbor (Go) May 18, 2021
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Deserialization of Untrusted Data in Flask-Caching Moderate
CVE-2021-33026 was published for Flask-Caching (pip) Jun 18, 2021
fluffy-critter
Privilege escalation: all users can access Admin-level API keys Moderate
CVE-2021-39192 was published for ghost (npm) Jul 22, 2021
zn9988
When a user has admin rights in Serv-U Console, the user can move, create and delete any files... Moderate Unreviewed
CVE-2021-35245 was published Dec 7, 2021
Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution... Moderate Unreviewed
CVE-2021-43528 was published Dec 9, 2021
Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows... Moderate Unreviewed
CVE-2021-25526 was published Dec 9, 2021
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5... Moderate Unreviewed
CVE-2021-38926 was published Dec 10, 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.11 before 14... Moderate Unreviewed
CVE-2021-39931 was published Dec 14, 2021
In ic_startRetrieveEntryValue of acropora/app/identity/ic.c, there is a possible bypass of... Moderate Unreviewed
CVE-2021-39643 was published Dec 16, 2021
Windows Mobile Device Management Elevation of Privilege Vulnerability Moderate Unreviewed
CVE-2021-43880 was published Dec 16, 2021
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37... Moderate Unreviewed
CVE-2021-44857 was published Dec 18, 2021
StorageGRID (formerly StorageGRID Webscale) versions 11.5 prior to 11.5.0.5 are susceptible to a... Moderate Unreviewed
CVE-2021-27006 was published Dec 24, 2021
Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted... Moderate Unreviewed
CVE-2022-22263 was published Jan 11, 2022
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from... Moderate Unreviewed
CVE-2022-21970 was published Jan 12, 2022
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability. This CVE ID is unique from... Moderate Unreviewed
CVE-2022-21954 was published Jan 12, 2022
Windows Kernel Elevation of Privilege Vulnerability. This CVE ID is unique from CVE-2022-21881. Moderate Unreviewed
CVE-2022-21879 was published Jan 12, 2022
Agent-to-controller security bypass in Jenkins Conjur Secrets Plugin allows retrieving all credentials Moderate
CVE-2022-23117 was published for org.conjur.jenkins:conjur-credentials (Maven) Jan 13, 2022
NotMyFault
Improper Privilege Management in shelljs Moderate
GHSA-64g7-mvw6-v9qj was published for shelljs (npm) Jan 14, 2022
An issue was discovered in Delta RM 1.2. Using an privileged account, it is possible to edit,... Moderate Unreviewed
CVE-2021-44840 was published Jan 19, 2022
An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5,... Moderate Unreviewed
CVE-2022-0125 was published Jan 19, 2022
An issue has been discovered affecting GitLab versions prior to 14.4.5, between 14.5.0 and 14.5.3... Moderate Unreviewed
CVE-2022-0090 was published Jan 19, 2022
ProTip! Advisories are also available from the GraphQL API