Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,344
Erlang
31
GitHub Actions
22
Go
2,109
Maven
5,000+
npm
3,765
NuGet
680
pip
3,453
Pub
12
RubyGems
892
Rust
887
Swift
37
Unreviewed advisories
All unreviewed
5,000+

2,670 advisories

Loading
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the... Moderate Unreviewed
CVE-2021-25013 was published Jan 25, 2022
Incorrect Default Permissions and Improper Access Control in snipe-it Moderate
CVE-2022-0179 was published for snipe/snipe-it (Composer) Jan 21, 2022
An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5,... Moderate Unreviewed
CVE-2022-0152 was published Jan 19, 2022
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF... Moderate Unreviewed
CVE-2021-25025 was published Jan 18, 2022
Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE... Moderate Unreviewed
CVE-2021-40327 was published Jan 14, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin Moderate
CVE-2022-20614 was published for org.jenkins-ci.plugins:mailer (Maven) Jan 13, 2022
westonsteimel
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin Moderate
CVE-2022-20616 was published for org.jenkins-ci.plugins:credentials-binding (Maven) Jan 13, 2022
NotMyFault westonsteimel
secjoker
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin Moderate
CVE-2022-20618 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs Moderate
CVE-2022-20620 was published for org.jenkins-ci.plugins:ssh-agent (Maven) Jan 13, 2022
westonsteimel
Missing permission check in Jenkins Publish Over SSH Plugin Moderate
CVE-2022-23112 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
Missing Authorization in DayByDay CRM Moderate
CVE-2022-22107 was published for bottelet/flarepoint (Composer) Jan 8, 2022
Missing Authorization in DayByDay CRM Moderate
CVE-2022-22108 was published for bottelet/flarepoint (Composer) Jan 8, 2022
The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for... Moderate Unreviewed
CVE-2021-43333 was published Jan 2, 2022
The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API... Moderate Unreviewed
CVE-2021-24997 was published Dec 28, 2021
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37... Moderate Unreviewed
CVE-2021-44857 was published Dec 18, 2021
snipe-it is vulnerable to Improper Access Control Moderate
CVE-2021-4089 was published for snipe/snipe-it (Composer) Dec 16, 2021
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and... Moderate Unreviewed
CVE-2021-27858 was published Dec 16, 2021
glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html... Moderate Unreviewed
CVE-2021-44937 was published Dec 15, 2021
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5... Moderate Unreviewed
CVE-2021-20867 was published Dec 14, 2021
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5... Moderate Unreviewed
CVE-2021-20866 was published Dec 14, 2021
The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation... Moderate Unreviewed
CVE-2021-24790 was published Dec 14, 2021
Permissions not properly checked in Invenio-Drafts-Resources Moderate
CVE-2021-43781 was published for invenio-app-rdm (pip) Dec 6, 2021
lnielsen
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which... Moderate Unreviewed
CVE-2021-24842 was published Nov 30, 2021
Electron's sandboxed renderers can obtain thumbnails of arbitrary files through the nativeImage API Moderate
CVE-2021-39184 was published for electron (npm) Oct 12, 2021
nornagon
Exposure of sensitive information in Elasticsearch Moderate
CVE-2021-22147 was published for org.elasticsearch:elasticsearch (Maven) Sep 20, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database