Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

535 advisories

Loading
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and... High Unreviewed
CVE-2021-39341 was published May 24, 2022
RoboHelp Server earlier versions than RHS 11 Update 3 are affected by an Improper Authorization... Moderate Unreviewed
CVE-2022-30670 was published Jun 17, 2022
Improper authorization vulnerability in QSAN Storage Manager allows remote privileged users to... Critical Unreviewed
CVE-2021-32523 was published May 24, 2022
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the... Critical Unreviewed
CVE-2021-41974 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24192 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24190 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24195 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24194 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP... High Unreviewed
CVE-2021-24191 was published May 24, 2022
An improper authorization flaw was discovered in openstack-selinux's applied policy where it does... Moderate Unreviewed
CVE-2020-1690 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24193 was published May 24, 2022
XWiki Platform Improper Authorization check for inactive users High
CVE-2022-36090 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Sep 16, 2022
Improper Authorization in Undertoe High
CVE-2020-1745 was published for io.undertow:undertow-core (Maven) May 24, 2022
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to... High Unreviewed
CVE-2021-24739 was published Dec 22, 2021
Improper Authorization in Jenkins Moderate
CVE-2018-1000408 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022
Improper Authorization in Apache Xalan-Java High
CVE-2014-0107 was published for xalan:xalan (Maven) May 13, 2022
Adobe Bridge versions 10.1.1 (and earlier) and 11.0.1 (and earlier) are affected by an Improper... Moderate Unreviewed
CVE-2021-21096 was published May 24, 2022
Improper Authorization in grumpydictator/firefly-iii Moderate
CVE-2023-0298 was published for grumpydictator/firefly-iii (Composer) Jan 14, 2023
Improper Authorization in org.apache.hbase:hbase High
CVE-2019-0212 was published for org.apache.hbase:hbase (Maven) Apr 2, 2019
Potential privilege escalation on Kubernetes >= v1.19 when the Argo Sever is run with `--auth-mode=client` Low
GHSA-prqf-xr2j-xf65 was published for github.com/argoproj/argo-workflows/v3 (Go) Aug 23, 2021
Access Restriction Bypass in Docker Moderate
CVE-2014-6408 was published for github.com/docker/docker (Go) Feb 15, 2022
Arbitrary Code Execution High
CVE-2014-9357 was published for github.com/docker/docker (Go) Feb 15, 2022
Improper Authorization in passport-cognito Critical
CVE-2019-19723 was published for passport-cognito (npm) Sep 4, 2020
Authorization Bypass in graphql-shield Low
GHSA-hx78-272p-mqqh was published for graphql-shield (npm) Sep 3, 2020
Improper Authorization in loopback High
GHSA-8wgc-jjvv-cv6v was published for loopback (npm) Sep 2, 2020
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database