Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,172 advisories

Loading
Mini-Tmall v1.0 is vulnerable to Insecure Permissions via tomcat-embed-jasper. High Unreviewed
CVE-2022-30929 was published Jul 7, 2022
On version 2.x before 2.0.3 and 1.x before 1.12.3, the command line restriction that controls... Moderate Unreviewed
CVE-2021-23055 was published Apr 22, 2022
This vulnerability allows local attackers to escalate privileges on affected installations of... High Unreviewed
CVE-2022-34891 was published Jul 19, 2022
Operation restriction bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.5.1 allows a... Moderate Unreviewed
CVE-2022-26051 was published Jul 5, 2022
Improper input validation vulnerability in Link of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote... Moderate Unreviewed
CVE-2022-27807 was published Jul 5, 2022
An issue has been discovered in Novastar-VNNOX-iCare Novaicare 7.16.0 that gives attacker... High Unreviewed
CVE-2021-38289 was published Jul 13, 2022
A privilege escalation vulnerability exists in Rocket.chat <v5 which made it possible to elevate... Moderate Unreviewed
CVE-2022-35250 was published Sep 25, 2022
An Incorrect Permission Assignment for Critical Resource flaw was found in Horizon on Red Hat... Moderate Unreviewed
CVE-2022-1655 was published Jul 23, 2022
PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with... Moderate Unreviewed
CVE-2022-23726 was published Oct 1, 2022
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete... Critical Unreviewed
CVE-2021-22648 was published Jul 29, 2022
In Moodle before 3.8.2, 3.7.5, 3.6.9 and 3.5.11, users viewing the grade history report without... Moderate Unreviewed
CVE-2020-1754 was published Aug 6, 2022
Ingenico Telium 2 POS Telium2 OS allow bypass of file-reading restrictions via the NTPT3 protocol... Low Unreviewed
CVE-2018-17766 was published May 24, 2022
An issue in the /config/config.php component of Indexhibit 2.1.5 allows attackers to arbitrarily... Moderate Unreviewed
CVE-2020-18127 was published May 24, 2022
Bytebase does not restrict low privilege user to access admin issues Moderate
CVE-2022-32169 was published for github.com/bytebase/bytebase (Go) Sep 29, 2022
In addOrUpdateNetwork of WifiServiceImpl.java, there is a possible way for a guest user to... High Unreviewed
CVE-2022-20398 was published Sep 14, 2022
CuppaCMS 1.0 is vulnerable to Remote Code Execution (RCE). An authenticated user can control both... High Unreviewed
CVE-2022-37190 was published Sep 14, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the "... High Unreviewed
CVE-2021-42855 was published Mar 11, 2022
In the SEPolicy configuration of system apps, there is a possible access to the 'ip' utility due... Moderate Unreviewed
CVE-2022-20399 was published Sep 14, 2022
CBRN-Analysis before 22 has weak file permissions under Public Profile, leading to disclosure of... High Unreviewed
CVE-2022-45193 was published Nov 12, 2022
IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission... Low Unreviewed
CVE-2022-34314 was published Nov 15, 2022
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open... High Unreviewed
CVE-2014-10402 was published May 17, 2022
JFrog Artifactory prior to version 7.28.0 and 6.23.38, is vulnerable to Broken Access Control,... Moderate Unreviewed
CVE-2021-41834 was published May 24, 2022
A Local Privilege Escalation in libqcocoa.dylib in Foxit Reader 3.1.0.0111 on macOS has been... High Unreviewed
CVE-2019-8342 was published May 24, 2022
Hasplm cookie in Gemalto Admin Control Center, all versions prior to 7.92, does not have ... Moderate Unreviewed
CVE-2019-8283 was published May 24, 2022
A vulnerability in the London Trust Media Private Internet Access (PIA) VPN Client v82 for macOS... High Unreviewed
CVE-2019-12577 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database