Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,340
Erlang
31
GitHub Actions
22
Go
2,099
Maven
5,000+
npm
3,764
NuGet
678
pip
3,448
Pub
12
RubyGems
892
Rust
883
Swift
37
Unreviewed advisories
All unreviewed
5,000+

984 advisories

Loading
The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior... High Unreviewed
CVE-2021-25094 was published Apr 26, 2022
Zoho ManageEngine OpManager before 125120 allows an unauthenticated user to retrieve an API key... Moderate Unreviewed
CVE-2020-11946 was published May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /cnr requests. High Unreviewed
CVE-2020-15336 was published May 24, 2022
An issue was discovered in Chadha PHPKB 9.0 Enterprise Edition. installer/test-connection.php ... Moderate Unreviewed
CVE-2020-11579 was published May 24, 2022
Grandstream GRP261x VoIP phone running firmware version 1.0.3.6 (Base) allow Authentication... Critical Unreviewed
CVE-2020-25218 was published May 24, 2022
An exploitable improper access control vulnerability exists in the bluetooth low energy... Moderate Unreviewed
CVE-2019-5014 was published May 24, 2022
An exploitable denial-of-service vulnerability exists in the UDPRelay functionality of... High Unreviewed
CVE-2019-5163 was published May 24, 2022
An information disclosure vulnerability exists in the OAS Engine SecureTransferFiles... High Unreviewed
CVE-2022-26067 was published May 26, 2022
An external config control vulnerability exists in the OAS Engine SecureAddSecurity functionality... High Unreviewed
CVE-2022-26043 was published May 26, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has no authentication for /registerCpe requests. High Unreviewed
CVE-2020-15335 was published May 24, 2022
AVE DOMINAplus <=1.10.x suffers from an unauthenticated reboot command execution. Attackers can... High Unreviewed
CVE-2020-21996 was published May 24, 2022
A denial of service vulnerability exists in the OAS Engine SecureConfigValues functionality of... High Unreviewed
CVE-2022-26026 was published May 26, 2022
TP-Link TL-WR840N EU v6.20 was discovered to contain insecure protections for its UART console.... High Unreviewed
CVE-2022-29402 was published May 26, 2022
A vulnerability has been identified in SCALANCE X-200 switch family (incl. SIPLUS NET variants) ... High Unreviewed
CVE-2020-15799 was published May 24, 2022
Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer... High Unreviewed
CVE-2020-7389 was published May 24, 2022
Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5... Critical Unreviewed
CVE-2020-36239 was published May 24, 2022
The POWER systems FSP is vulnerable to unauthenticated logins through the serial port/TTY... Moderate Unreviewed
CVE-2022-22309 was published May 25, 2022
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4... Moderate Unreviewed
CVE-2021-24219 was published May 24, 2022
In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal... High Unreviewed
CVE-2021-20990 was published May 24, 2022
OpenVPN 2.5.1 and earlier versions allows a remote attackers to bypass authentication and access... High Unreviewed
CVE-2020-15078 was published May 24, 2022
The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access... High Unreviewed
CVE-2020-17517 was published May 24, 2022
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the... Critical Unreviewed
CVE-2021-41974 was published May 24, 2022
A vulnerability has been identified in SICAM GridEdge Essential ARM (All versions < V2.6.6),... Critical Unreviewed
CVE-2022-30230 was published Jun 15, 2022
HashiCorp Vault Enterprise 0.9.2 through 1.6.2 allowed the read of license metadata from DR... Moderate Unreviewed
CVE-2021-27668 was published May 24, 2022
A vulnerability in authentication mechanism of Cisco Software-Defined Application Visibility and... Moderate Unreviewed
CVE-2022-20830 was published Oct 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database