GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,134
Erlang: 29
GitHub Actions: 19
Go: 1,941
Maven: 5,000+
npm: 3,678
NuGet: 645
pip: 3,297
Pub: 11
RubyGems: 877
Rust: 830
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+

1,149 advisories

A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user...
High | Unreviewed | CVE-2021-27024 was published May 24, 2022

AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged...
High | Unreviewed | CVE-2021-25877 was published May 24, 2022

In telephony, there is a possible information disclosure due to a missing permission check. This...
Moderate | Unreviewed | CVE-2022-21749 was published Jun 7, 2022

A permissions issue existed in DiskArbitration. This was addressed with additional ownership...
High | Unreviewed | CVE-2021-1784 was published May 24, 2022

emlog v6.0.0 contains an arbitrary file deletion vulnerability in admin/plugin.php.
Moderate | Unreviewed | CVE-2020-21014 was published May 24, 2022

Tad Book3 editing book page does not perform identity verification. Remote attackers can use the...
Critical | Unreviewed | CVE-2021-41974 was published May 24, 2022

Local privilege vulnerability in Yandex Browser for Windows prior to 22.3.3.801 allows a local,...
High | Unreviewed | CVE-2022-28226 was published Jun 16, 2022

In Connx Version 6.2.0.1269 (20210623), a cookie can be issued by the application and not have...
Moderate | Unreviewed | CVE-2021-40649 was published Jun 15, 2022

In universal forwarder versions before 9.0, management services are available remotely by default...
High | Unreviewed | CVE-2022-32155 was published Jun 16, 2022

An issue was discovered in TitanFTP (aka Titan FTP) NextGen before 1.2.1050. When installing,...
High | Unreviewed | CVE-2022-34006 was published Jun 20, 2022

Incorrect Permission Assignment for Critical Resource vulnerability in ABB REX640 PCL1, REX640...
Moderate | Unreviewed | CVE-2022-1596 was published Jun 22, 2022

It was reported that watchman in openshift node-utils creates /var/run/watchman.pid and /var/log...
Moderate | Unreviewed | CVE-2014-0068 was published Jul 1, 2022

A vulnerability has been identified in Xpedition Designer (All versions < VX.2.11). The affected...
High | Unreviewed | CVE-2022-31465 was published Jun 15, 2022

Insecure permissions in OneBlog v2.3.4 allows low-level administrators to reset the passwords of...
Moderate | Unreviewed | CVE-2022-34012 was published Jun 24, 2022

HashiCorp Vault Incorrect Permission Assignment for Critical Resource
Critical | CVE-2021-43998 was published for github.com/hashicorp/vault (Go) Dec 2, 2021

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders...
Moderate | Unreviewed | CVE-2017-0884 was published May 13, 2022

In Nagios XI through 5.8.5, a read-only Nagios user (due to an incorrect permission check) is...
Moderate | Unreviewed | CVE-2022-29271 was published Jun 30, 2022

Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows...
High | Unreviewed | CVE-2022-33695 was published Jul 13, 2022

Improper access control in the runner jobs API in GitLab CE/EE affecting all versions prior to 14...
Moderate | Unreviewed | CVE-2022-2227 was published Jul 2, 2022

Privilege escalation in Nagios XI before 5.5.11 allows local attackers to elevate privileges to...
High | Unreviewed | CVE-2019-9166 was published May 13, 2022

Improper input validation vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.5.1 allows a...
Moderate | Unreviewed | CVE-2022-28692 was published Jul 5, 2022

Operation restriction bypass vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a...
Moderate | Unreviewed | CVE-2022-26054 was published Jul 5, 2022

Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu...
Moderate | Unreviewed | CVE-2022-26368 was published Jul 5, 2022

A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an...
Critical | Unreviewed | CVE-2021-39409 was published Jun 25, 2022

In Car Settings app, the NotificationAccessConfirmationActivity is exported. In...
High | Unreviewed | CVE-2022-20234 was published Jul 14, 2022