Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,820
Erlang
36
GitHub Actions
32
Go
2,412
Maven
5,000+
npm
4,050
NuGet
723
pip
3,844
Pub
12
RubyGems
933
Rust
1,004
Swift
38
Unreviewed advisories
All unreviewed
5,000+

3,228 advisories

Loading
Apple iOS before 8.4.1 and OS X before 10.10.5 allow local users to bypass a code-signing... High Unreviewed
CVE-2015-3806 was published May 17, 2022
A vulnerability in Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent... Moderate Unreviewed
CVE-2021-1515 was published May 24, 2022
A flaw was found in Red Hat 3scale’s API docs URL, where it is accessible without credentials.... Moderate Unreviewed
CVE-2020-25634 was published May 24, 2022
Plugin Settings Update vulnerability in ShortPixel's ShortPixel Adaptive Images plugin <= 3.3.1... Moderate Unreviewed
CVE-2022-29417 was published Apr 26, 2022
AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6... High Unreviewed
CVE-2021-21083 was published May 24, 2022
A flaw was found in Red Hat Quay, where it does not properly protect the authorization token when... Moderate Unreviewed
CVE-2020-27831 was published May 24, 2022
Improper Access Control in MySQL Connector Python High
CVE-2019-2435 was published for mysql-connector-python (pip) May 13, 2022
Improper Access Control in Apache Derby Moderate
CVE-2018-1313 was published for org.apache.derby:derby (Maven) May 13, 2022
Improper Access Control in Elasticsearch High
CVE-2019-7611 was published for org.elasticsearch:elasticsearch (Maven) May 13, 2022
Improper Access Control in Telerik Extensions Moderate
CVE-2018-17060 was published for TelerikMvcExtensions (NuGet) May 13, 2022
A vulnerability in the boot logic of Cisco Access Points Software could allow an authenticated,... Moderate Unreviewed
CVE-2021-1449 was published May 24, 2022
Improper Access Control in Apache Derby High
CVE-2010-2232 was published for org.apache.derby:derby (Maven) May 17, 2022
Improper Access Control in MySQL Connectors Java Moderate
CVE-2015-2575 was published for mysql:mysql-connector-java (Maven) May 17, 2022
Improper Access Control in Apache WSS4J Moderate
CVE-2015-0227 was published for org.apache.ws.security:wss4j (Maven) May 14, 2022
Improper Access Control in Elasticsearch High
CVE-2015-4165 was published for org.elasticsearch:elasticsearch (Maven) May 14, 2022
The flo-launch WordPress plugin before 2.4.1 injects code into wp-config.php when creating a... Critical Unreviewed
CVE-2022-0541 was published Apr 26, 2022
Acrobat Reader DC versions versions 2020.013.20074 (and earlier), 2020.001.30018 (and earlier)... High Unreviewed
CVE-2021-21045 was published May 24, 2022
Improper Access Control in Apache Tomcat Moderate
CVE-2014-7810 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
Improper Access Control in Apache Hadoop High
CVE-2016-5393 was published for org.apache.hadoop:hadoop-common (Maven) May 17, 2022
Improper Access Control in MySQL Connectors Java High
CVE-2017-3523 was published for mysql:mysql-connector-java (Maven) May 13, 2022
Improper Access Control in Apache Tomcat Moderate
CVE-2012-5885 was published for org.apache.tomcat:tomcat (Maven) May 17, 2022
Improper Access Control in Elasticsearch High
CVE-2015-1427 was published for org.elasticsearch:elasticsearch (Maven) May 14, 2022
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and... Moderate Unreviewed
CVE-2021-24730 was published Mar 1, 2022
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with... Moderate Unreviewed
CVE-2021-24845 was published Dec 14, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database