GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,066 advisories
Filter by severity
Incorrect access control in typo3_forum
Moderate
CVE-2020-15513
was published
for
mittwald/typo3_forum
(Composer)
Jul 29, 2020
Ignition config accessible to unprivileged software on VMware
Moderate
CVE-2022-1706
was published
for
github.com/coreos/ignition
(Go)
May 25, 2022
Keycloak has lack of validation of access token on client registrations endpoint
Moderate
CVE-2023-0091
was published
for
org.keycloak:keycloak-core
(Maven)
Jan 12, 2023
Improper Authorization in grumpydictator/firefly-iii
Moderate
CVE-2023-0298
was published
for
grumpydictator/firefly-iii
(Composer)
Jan 14, 2023
Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior,...
Moderate
Unreviewed
CVE-2021-20862
was published
Dec 2, 2021
Improper access control on the LocalMACConfig.asp interface allows an unauthenticated remote...
Moderate
Unreviewed
CVE-2022-25215
was published
Mar 11, 2022
IBM Data Virtualization on Cloud Pak for Data 1.3.0, 1.4.1, 1.5.0, 1.7.1 and 1.7.3 could allow an...
Moderate
Unreviewed
CVE-2021-38971
was published
Mar 15, 2022
parse-server new anonymous user session acts as if it's created with password
Moderate
CVE-2021-39138
was published
for
parse-server
(npm)
Aug 23, 2021
An improper authorization handling flaw was found in Foreman. The OpenSCAP plugin for the smart...
Moderate
Unreviewed
CVE-2021-20290
was published
Mar 26, 2022
The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing...
Moderate
Unreviewed
CVE-2022-0720
was published
Mar 29, 2022
In all versions of GitLab CE/EE since version 11.3, the endpoint for auto-completing Assignee...
Moderate
Unreviewed
CVE-2021-39876
was published
Mar 29, 2022
An improper authorization vulnerabiltiy [CWE-285] in FortiClient Windows versions 7.0.0 and 6.4.6...
Moderate
Unreviewed
CVE-2021-36167
was published
Dec 10, 2021
A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows...
Moderate
Unreviewed
CVE-2021-36169
was published
Dec 14, 2021
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr...
Moderate
Unreviewed
CVE-2022-1177
was published
Mar 31, 2022
Archer 6.x through 6.9 SP2 P1 (6.9.2.1) contains an improper access control vulnerability on...
Moderate
Unreviewed
CVE-2022-26949
was published
Mar 31, 2022
Improper access control allows any project member to retrieve the service desk email address in...
Moderate
Unreviewed
CVE-2021-39934
was published
Dec 14, 2021
Improper access control in GitLab CE/EE versions 12.4 to 14.5.4, 14.5 to 14.6.4, and 12.6 to 14.7...
Moderate
Unreviewed
CVE-2022-0373
was published
Apr 3, 2022
In DomainVerificationService, there is a possible way to access app domain verification...
Moderate
Unreviewed
CVE-2021-39753
was published
Mar 31, 2022
A local unauthorized read access to files vulnerability was discovered in HPE OneView version(s):...
Moderate
Unreviewed
CVE-2022-23700
was published
Apr 5, 2022
In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing...
Moderate
Unreviewed
CVE-2021-39742
was published
Mar 31, 2022
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows is vulnerable to...
Moderate
Unreviewed
CVE-2022-27608
was published
Apr 5, 2022
In RSA Archer 6.x through 6.9 SP3 (6.9.3.0), an authenticated attacker can make a GET request to...
Moderate
Unreviewed
CVE-2021-38362
was published
Apr 1, 2022
In Settings, there is a possible way to read Bluetooth device names without proper permissions...
Moderate
Unreviewed
CVE-2021-39751
was published
Mar 31, 2022
An improper access control vulnerability in GitLab CE/EE affecting all versions from 13.11 prior...
Moderate
Unreviewed
CVE-2022-1105
was published
Apr 5, 2022
Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide...
Moderate
Unreviewed
CVE-2022-27609
was published
Apr 5, 2022
ProTip!
Advisories are also available from the
GraphQL API