Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

434 advisories

Loading
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu... Moderate Unreviewed
CVE-2022-26368 was published Jul 5, 2022
On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls... Moderate Unreviewed
CVE-2021-23055 was published Apr 22, 2022
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote... Moderate Unreviewed
CVE-2022-27807 was published Jul 5, 2022
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a... Moderate Unreviewed
CVE-2022-26051 was published Jul 5, 2022
A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate... Moderate Unreviewed
CVE-2022-35250 was published Sep 25, 2022
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat... Moderate Unreviewed
CVE-2022-1655 was published Jul 23, 2022
PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with... Moderate Unreviewed
CVE-2022-23726 was published Oct 1, 2022
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without... Moderate Unreviewed
CVE-2020-1754 was published Aug 6, 2022
An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily... Moderate Unreviewed
CVE-2020-18127 was published May 24, 2022
Bytebase does not restrict low privilege user to access admin issues Moderate
CVE-2022-32169 was published for github.com/bytebase/bytebase (Go) Sep 29, 2022
In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due... Moderate Unreviewed
CVE-2022-20399 was published Sep 14, 2022
JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control,... Moderate Unreviewed
CVE-2021-41834 was published May 24, 2022
Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have ... Moderate Unreviewed
CVE-2019-8283 was published May 24, 2022
Sensitive Cookie Without 'HttpOnly' Flag in GitHub repository lirantal/daloradius prior to master. Moderate Unreviewed
CVE-2022-4630 was published Dec 21, 2022
EXFO - BV-10 Performance Endpoint Unit misconfiguration. System configuration file has... Moderate Unreviewed
CVE-2022-39186 was published Jan 12, 2023
In Telephony, there is a possible information disclosure due to a missing permission check. This... Moderate Unreviewed
CVE-2022-20284 was published Aug 13, 2022
In Midi, there is a possible way to learn about private midi devices due to a permissions bypass.... Moderate Unreviewed
CVE-2022-20290 was published Aug 13, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak /opt/axess/var/blobstorage/ permissions. Moderate Unreviewed
CVE-2020-15328 was published Sep 30, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has weak Data.fs permissions. Moderate Unreviewed
CVE-2020-15329 was published Sep 30, 2022
A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with... Moderate Unreviewed
CVE-2020-10781 was published May 24, 2022
Zammad 5.2.1 has a fine-grained permission model that allows to configure read-only access to... Moderate Unreviewed
CVE-2022-40817 was published Sep 28, 2022
A vulnerability related to weak permissions was detected in Avaya Aura Application Enablement... Moderate Unreviewed
CVE-2022-2975 was published Oct 6, 2022
A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows... Moderate Unreviewed
CVE-2020-6168 was published May 24, 2022
The keystone-json-assignment package in SUSE Openstack Cloud 8 before commit... Moderate Unreviewed
CVE-2019-3683 was published May 24, 2022
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects... Moderate Unreviewed
CVE-2020-0668 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database