GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
498 advisories
Filter by severity
The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass...
High
Unreviewed
CVE-2013-7245
was published
May 14, 2022
Microsoft Windows 8.1, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 do not properly check...
High
Unreviewed
CVE-2016-3352
was published
May 14, 2022
phpMyFAQ before 2.8.13 allows remote authenticated users with admin privileges to bypass...
Moderate
Unreviewed
CVE-2014-6049
was published
May 14, 2022
An issue was discovered in certain Apple products. iOS before 10.2 is affected. watchOS before 3...
Moderate
Unreviewed
CVE-2016-7651
was published
May 14, 2022
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS...
High
Unreviewed
CVE-2016-5420
was published
May 14, 2022
ProjectSend (formerly cFTP) r582 allows Insecure Direct Object Reference via includes/actions.log...
Critical
Unreviewed
CVE-2016-10734
was published
May 14, 2022
AxiomSL's Axiom java applet module (used for editing uploaded Excel files and associated Java RMI...
Critical
Unreviewed
CVE-2015-5463
was published
May 14, 2022
Improper Authorization in Jenkins
Moderate
CVE-2018-1000408
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper authorization in Jenkins Job and Node Ownership Plugin
Moderate
CVE-2018-1000107
was published
for
com.synopsys.jenkinsci:ownership
(Maven)
May 13, 2022
Hospira Plum A+ Infusion System version 13.4 and prior, Plum A+3 Infusion System version 13.6 and...
Critical
Unreviewed
CVE-2015-3954
was published
May 13, 2022
IBM UrbanCode Deploy 6.0 through 6.2.2.1 could allow an authenticated user to read sensitive...
Moderate
Unreviewed
CVE-2016-0373
was published
May 13, 2022
An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its...
High
Unreviewed
CVE-2016-7035
was published
May 13, 2022
It was found that the CloudForms before 5.6.2.2, and 5.7.0.7 did not properly apply permissions...
High
Unreviewed
CVE-2016-7071
was published
May 13, 2022
Nextcloud Server before 9.0.54 and 10.0.0 suffers from an improper authorization check on...
Moderate
Unreviewed
CVE-2016-9464
was published
May 13, 2022
Ipa versions 4.2.x, 4.3.x before 4.3.3 and 4.4.x before 4.4.3 did not properly check the user's...
Moderate
Unreviewed
CVE-2016-9575
was published
May 13, 2022
A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA)...
High
Unreviewed
CVE-2018-15465
was published
May 13, 2022
Kibana before 4.5.4 and 4.1.11 when a custom output is configured for logging in, cookies and...
High
Unreviewed
CVE-2016-1000219
was published
May 13, 2022
Improper Authorization in Apache Xalan-Java
High
CVE-2014-0107
was published
for
xalan:xalan
(Maven)
May 13, 2022
Improper Authorization in Jenkins Core
High
CVE-2019-1003004
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Improper Authorization in Jenkins Core
High
CVE-2019-1003003
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions...
Moderate
Unreviewed
CVE-2018-14662
was published
May 13, 2022
An improper authorization vulnerability in Palo Alto Network Cortex XSOAR software enables...
Moderate
Unreviewed
CVE-2022-0027
was published
May 12, 2022
Privilege escalation for users with create/update permissions in Global Roles in Rancher
Moderate
CVE-2021-36784
was published
for
github.com/rancher/rancher
(Go)
May 2, 2022
Write access to the catalog for any user when restricted-admin role is enabled in Rancher
High
CVE-2021-4200
was published
for
github.com/rancher/rancher
(Go)
May 2, 2022
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level...
High
Unreviewed
CVE-2021-43939
was published
Apr 29, 2022
ProTip!
Advisories are also available from the
GraphQL API