GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
809 advisories
After the initial setup process, some steps of setup.php file are reachable not only by super...
Moderate | Unreviewed | CVE-2022-23134 was published Feb 9, 2022
Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar...
Moderate | Unreviewed | CVE-2021-29394 was published Feb 9, 2022
An improper access control vulnerability [CWE-284] in FortiAuthenticator HA service 6.3.2 and...
Moderate | Unreviewed | CVE-2021-36177 was published Feb 8, 2022
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and...
Moderate | Unreviewed | CVE-2021-24947 was published Feb 8, 2022
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF...
Moderate | Unreviewed | CVE-2021-24993 was published Feb 8, 2022
The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in...
Moderate | Unreviewed | CVE-2021-25097 was published Feb 2, 2022
The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor...
Moderate | Unreviewed | CVE-2021-24733 was published Jan 25, 2022
Mattermost 6.1 and earlier fails to sufficiently validate permissions while viewing archived...
Moderate | Unreviewed | CVE-2021-37864 was published Jan 19, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.3. Under...
Moderate | Unreviewed | CVE-2022-0172 was published Jan 19, 2022
An issue was discovered in Delta RM 1.2. The /risque/risque/workflow/reset endpoint is lacking...
Moderate | Unreviewed | CVE-2021-44836 was published Jan 19, 2022
An issue was discovered in SysAid ITIL 20.4.74 b10. The /enduserreg endpoint is used to register...
Moderate | Unreviewed | CVE-2021-43974 was published Jan 12, 2022
Secure Boot Security Feature Bypass Vulnerability.
Moderate | Unreviewed | CVE-2022-21894 was published Jan 12, 2022
Windows Extensible Firmware Interface Security Feature Bypass Vulnerability.
Moderate | Unreviewed | CVE-2022-21899 was published Jan 12, 2022
Local Security Authority (Domain Policy) Remote Protocol Security Feature Bypass.
Moderate | Unreviewed | CVE-2022-21913 was published Jan 12, 2022
Incorrect authorization vulnerability in KONICA MINOLTA bizhub series (bizhub C750i G00-35 and...
Moderate | Unreviewed | CVE-2021-20868 was published Jan 5, 2022
Insufficient policy enforcement in contacts picker in Google Chrome on Android prior to 96.0.4664...
Moderate | Unreviewed | CVE-2021-38020 was published Dec 24, 2021
Insufficient policy enforcement in CORS in Google Chrome prior to 96.0.4664.45 allowed a remote...
Moderate | Unreviewed | CVE-2021-38019 was published Dec 24, 2021
Stormshield Endpoint Security 2.x before 2.1.2 has Incorrect Access Control.
Moderate | Unreviewed | CVE-2021-45089 was published Dec 22, 2021
Stormshield Endpoint Security from 2.1.0 to 2.1.1 has Incorrect Access Control.
Moderate | Unreviewed | CVE-2021-45091 was published Dec 22, 2021
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0...
Moderate | Unreviewed | CVE-2021-38900 was published Dec 22, 2021
It has been reported that any Orion user, e.g. guest accounts can query the Orion.UserSettings...
Moderate | Unreviewed | CVE-2021-35248 was published Dec 21, 2021
The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation...
Moderate | Unreviewed | CVE-2021-24819 was published Dec 14, 2021
The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation...
Moderate | Unreviewed | CVE-2021-24836 was published Dec 14, 2021
The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as...
Moderate | Unreviewed | CVE-2021-24872 was published Dec 14, 2021
A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1, FortiOS 6.4.x before 6.4.7 allows...
Moderate | Unreviewed | CVE-2021-36169 was published Dec 14, 2021
ProTip! Advisories are also available from the GraphQL API.