GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
2,242 advisories
Filter by severity
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a...
Critical
Unreviewed
CVE-2022-0541
was published
Apr 26, 2022
Improper Access Control in Apache Derby
High
CVE-2010-2232
was published
for
org.apache.derby:derby
(Maven)
May 17, 2022
Improper Access Control in Elasticsearch
High
CVE-2015-4165
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 14, 2022
Improper Access Control in Apache WSS4J
Moderate
CVE-2015-0227
was published
for
org.apache.ws.security:wss4j
(Maven)
May 14, 2022
Improper Access Control in MySQL Connectors Java
Moderate
CVE-2015-2575
was published
for
mysql:mysql-connector-java
(Maven)
May 17, 2022
Improper Access Control in Telerik Extensions
Moderate
CVE-2018-17060
was published
for
TelerikMvcExtensions
(NuGet)
May 13, 2022
A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated,...
Moderate
Unreviewed
CVE-2021-1449
was published
May 24, 2022
Improper Access Control in Elasticsearch
High
CVE-2019-7611
was published
for
org.elasticsearch:elasticsearch
(Maven)
May 13, 2022
Improper Access Control in Apache Derby
Moderate
CVE-2018-1313
was published
for
org.apache.derby:derby
(Maven)
May 13, 2022
Improper Access Control in MySQL Connector Python
High
CVE-2019-2435
was published
for
mysql-connector-python
(pip)
May 13, 2022
A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when...
Moderate
Unreviewed
CVE-2020-27831
was published
May 24, 2022
Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1...
Moderate
Unreviewed
CVE-2022-29417
was published
Apr 26, 2022
AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6...
High
Unreviewed
CVE-2021-21083
was published
May 24, 2022
A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials....
Moderate
Unreviewed
CVE-2020-25634
was published
May 24, 2022
A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent...
Moderate
Unreviewed
CVE-2021-1515
was published
May 24, 2022
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing...
High
Unreviewed
CVE-2015-3806
was published
May 17, 2022
The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib...
High
Unreviewed
CVE-2021-24906
was published
Jan 25, 2022
Improper Access Control in GitHub repository janeczku/calibre-web prior to 0.6.16.
Moderate
Unreviewed
CVE-2022-0405
was published
Apr 4, 2022
AppleFileConduit in Apple iOS before 8.4.1 allows attackers to bypass intended restrictions on...
Moderate
Unreviewed
CVE-2015-5746
was published
May 17, 2022
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
High
CVE-2022-24730
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up...
High
Unreviewed
CVE-2022-0815
was published
Mar 12, 2022
All versions up to ZXINOS-RESV1.01.43 of the ZTE ZXIN10 product European region are impacted by...
Critical
Unreviewed
CVE-2018-7364
was published
May 13, 2022
An unauthorized user could possibly delete any file on the system.
High
Unreviewed
CVE-2022-46331
was published
Jan 18, 2023
A vulnerability was found in Little Apps Little Software Stats. It has been declared as critical....
Critical
Unreviewed
CVE-2015-10057
was published
Jan 16, 2023
Apache Superset has Improper Access Control
Moderate
CVE-2022-45438
was published
for
apache-superset
(pip)
Jan 16, 2023
ProTip!
Advisories are also available from the
GraphQL API