GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories (All reviewed: 5,000+): Composer 4,077; Erlang 29; GitHub Actions 19; Go 1,903; Maven 5,000+; npm 3,632; NuGet 638; pip 3,249; Pub 10; RubyGems 864; Rust 818; Swift 35
Unreviewed advisories (All unreviewed: 5,000+)
941 advisories
Cross-domain vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, and 7 allows remote...
Moderate, Unreviewed. CVE-2008-2947 was published on May 1, 2022.

MoinMoin vulnerable to privilege escalation
Moderate. CVE-2008-1937 was published for moin (pip) on May 1, 2022.

Roundup xml-rpc server improper check of property permissions
Moderate. CVE-2008-1475 was published for roundup (pip) on May 1, 2022.

JULI logging component in Apache Tomcat does not restrict certain permissions for web applications
Moderate. CVE-2007-5342 was published for org.apache.tomcat:tomcat-juli (Maven) on May 1, 2022.

Zope allows attackers to modify raw image and file data
Moderate. CVE-2000-1212 was published for zope (pip) on Apr 30, 2022.

The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization...
Moderate, Unreviewed. CVE-2022-0634 was published on Apr 26, 2022.

Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1...
Moderate, Unreviewed. CVE-2022-29417 was published on Apr 26, 2022.

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23...
Moderate, Unreviewed. CVE-2022-25650 was published on Apr 13, 2022.

Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical...
Moderate, Unreviewed. CVE-2022-25831 was published on Apr 12, 2022.

Improper Access Control in GitHub repository phpipam/phpipam prior to 1.4.6.
Moderate, Unreviewed. CVE-2022-1223 was published on Apr 5, 2022.

Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
Moderate, Unreviewed. CVE-2022-0405 was published on Apr 4, 2022.

Path traversal allows leaking out-of-bound files from Argo CD repo-server
Moderate. CVE-2022-24731 was published for github.com/argoproj/argo-cd (Go) on Mar 24, 2022.

An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware...
Moderate, Unreviewed. CVE-2022-24930 was published on Mar 11, 2022.

A vulnerability has been identified in Mendix Applications using Mendix 7 (All versions < V7.23...
Moderate, Unreviewed. CVE-2022-26317 was published on Mar 9, 2022.

The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to...
Moderate, Unreviewed. CVE-2021-24825 was published on Mar 8, 2022.

The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1,...
Moderate, Unreviewed. CVE-2021-24824 was published on Mar 8, 2022.

Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.12.5.
Moderate, Unreviewed. CVE-2022-0755 was published on Mar 8, 2022.

JFrog Artifactory before 7.31.10, is vulnerable to Broken Access Control where a project admin...
Moderate, Unreviewed. CVE-2021-46270 was published on Mar 3, 2022.

The Orange Form WordPress plugin through 1.0.1 does not have any authorisation and CSRF checks in...
Moderate, Unreviewed. CVE-2021-24688 was published on Mar 1, 2022.

The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and...
Moderate, Unreviewed. CVE-2021-24730 was published on Mar 1, 2022.

Authorization bypass in Istio
Moderate. CVE-2020-16844 was published for istio.io/istio (Go) on Feb 15, 2022.

Incorrect Authorization in Drupal core
Moderate. CVE-2020-13676 was published for drupal/core (Composer) on Feb 12, 2022.

An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to...
Moderate, Unreviewed. CVE-2022-23994 was published on Feb 12, 2022.

Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12)...
Moderate, Unreviewed. CVE-2022-23433 was published on Feb 12, 2022.

An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a...
Moderate, Unreviewed. CVE-2022-24924 was published on Feb 12, 2022.

ProTip! Advisories are also available from the GraphQL API.