Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,274
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,419
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,066 advisories

Loading
Druid ingestion system Authenticated users can read data from other sources than intended Moderate
CVE-2021-36749 was published for org.apache.druid:druid-core (Maven) Sep 27, 2021
SilverStripe GraphQL Server permission checker not inherited by query subclass. Moderate
CVE-2021-28661 was published for silverstripe/graphql (Composer) Oct 12, 2021
Publify `guest` role users can self-register even when the admin does not allow it Moderate
CVE-2021-25973 was published for publify_core (RubyGems) Nov 3, 2021
oliverchang
OIDC claims not updated from Identity Provider in Pomerium Moderate
CVE-2021-41230 was published for github.com/pomerium/pomerium (Go) Nov 10, 2021
Request injection in Spring Cloud Gateway Moderate
CVE-2021-22051 was published for org.springframework.cloud:spring-cloud-gateway (Maven) Nov 10, 2021
Incorrect Authorization in Apache Ozone Moderate
CVE-2021-39234 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
EC-CUBE Improper access control in Management screen Moderate
CVE-2021-20841 was published for ec-cube/ec-cube (Composer) Nov 25, 2021
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which... Moderate Unreviewed
CVE-2021-24842 was published Nov 30, 2021
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4026 was published for ssddanbrown/bookstack (Composer) Dec 1, 2021
Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior,... Moderate Unreviewed
CVE-2021-20862 was published Dec 2, 2021
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
Permissions not properly checked in Invenio-Drafts-Resources Moderate
CVE-2021-43781 was published for invenio-app-rdm (pip) Dec 6, 2021
lnielsen
An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3... Moderate Unreviewed
CVE-2021-41013 was published Dec 9, 2021
An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6... Moderate Unreviewed
CVE-2021-36167 was published Dec 10, 2021
Improper access control in the GitLab CE/EE API affecting all versions starting from 9.4 before... Moderate Unreviewed
CVE-2021-39945 was published Dec 14, 2021
Improper access control in GitLab CE/EE affecting all versions starting from 10.7 before 14.3.6,... Moderate Unreviewed
CVE-2021-39936 was published Dec 14, 2021
Improper access control allows any project member to retrieve the service desk email address in... Moderate Unreviewed
CVE-2021-39934 was published Dec 14, 2021
Missing authorization in GitLab EE versions between 12.4 and 14.3.6, between 14.4.0 and 14.4.4,... Moderate Unreviewed
CVE-2021-39930 was published Dec 14, 2021
Incorrect Authorization in GitLab EE affecting all versions starting from 11.1 before 14.3.6, all... Moderate Unreviewed
CVE-2021-39918 was published Dec 14, 2021
A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows... Moderate Unreviewed
CVE-2021-36169 was published Dec 14, 2021
The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as... Moderate Unreviewed
CVE-2021-24872 was published Dec 14, 2021
The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation... Moderate Unreviewed
CVE-2021-24819 was published Dec 14, 2021
The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation... Moderate Unreviewed
CVE-2021-24836 was published Dec 14, 2021
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings... Moderate Unreviewed
CVE-2021-35248 was published Dec 21, 2021
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0... Moderate Unreviewed
CVE-2021-38900 was published Dec 22, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database