GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+
278 advisories
Filter by severity
Potential session hijack in Apache CXF
Critical
CVE-2019-12419
was published
for
org.apache.cxf:cxf
(Maven)
Nov 8, 2019
Incorrect Authorization in Apache Solr
Critical
CVE-2021-29943
was published
for
org.apache.solr:solr-parent
(Maven)
May 10, 2021
Improper Authorization and Origin Validation Error in OneFuzz
Critical
CVE-2021-37705
was published
for
onefuzz
(pip)
Aug 13, 2021
Incorrect Authorization in serverless-offline
Critical
CVE-2021-38384
was published
for
serverless-offline
(npm)
Sep 1, 2021
Deno's static imports inside dynamically imported modules do not adhere to permission checks
Critical
CVE-2021-32619
was published
for
deno
(Rust)
Sep 23, 2021
Improper Access Control in Webauthn Framework
Critical
CVE-2021-38299
was published
for
web-auth/webauthn-framework
(Composer)
Sep 29, 2021
Incorrect Authorization in Apache Ozone
Critical
CVE-2021-39233
was published
for
org.apache.ozone:ozone-main
(Maven)
Nov 23, 2021
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to...
Critical
Unreviewed
CVE-2021-38503
was published
Dec 9, 2021
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin...
Critical
Unreviewed
CVE-2021-43703
was published
Dec 10, 2021
IBM Spectrum Copy Data Management 2.2.13 and earlier could allow a remote attacker to access the...
Critical
Unreviewed
CVE-2021-39052
was published
Dec 14, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 does not have sufficient access controls for the WAN...
Critical
Unreviewed
CVE-2021-20149
was published
Dec 31, 2021
Incorrect Authorization in latte/latte
Critical
CVE-2021-23803
was published
for
latte/latte
(Composer)
Jan 6, 2022
An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip...
Critical
Unreviewed
CVE-2021-28506
was published
Jan 15, 2022
A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services...
Critical
Unreviewed
CVE-2022-22167
was published
Jan 20, 2022
A traffic classification vulnerability in Juniper Networks Junos OS on the SRX Series Services...
Critical
Unreviewed
CVE-2022-22157
was published
Jan 20, 2022
IBM Cognos Controller 10.4.0, 10.4.1, and 10.4.2 could be vulnerable to unauthorized...
Critical
Unreviewed
CVE-2020-4877
was published
Jan 22, 2022
IBM Security Verify Access 10.0.0.0, 10.0.1.0 and 10.0.2.0 with the advanced access control...
Critical
Unreviewed
CVE-2021-39070
was published
Feb 3, 2022
Mastodon before 3.3.2 and 3.4.x before 3.4.6 has incorrect access control because it does not...
Critical
Unreviewed
CVE-2022-24307
was published
Feb 10, 2022
Incorrect Authorization in Apache Solr
Critical
CVE-2020-13957
was published
for
org.apache.solr:solr-parent
(Maven)
Feb 10, 2022
There is an arbitrary address access vulnerability with the product line test code.Successful...
Critical
Unreviewed
CVE-2021-39994
was published
Feb 11, 2022
nats-io/jwt not enforcing checking of Import token permissions
Critical
CVE-2021-3127
was published
for
github.com/nats-io/jwt
(Go)
Feb 15, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
Critical
Unreviewed
CVE-2022-21196
was published
Feb 19, 2022
MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C...
Critical
Unreviewed
CVE-2022-21141
was published
Feb 19, 2022
An incorrect access control issue in HMS v1.0 allows unauthenticated attackers to read and modify...
Critical
Unreviewed
CVE-2022-25402
was published
Feb 25, 2022
Access Control vulnerability within CoreNLP
Critical
CVE-2021-44550
was published
for
edu.stanford.nlp:stanford-corenlp
(Maven)
Feb 25, 2022
ProTip!
Advisories are also available from the
GraphQL API