GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
1,277 advisories
Laravel Booking System Booking Core 2.0 is vulnerable to Incorrect Access Control. On the...
Moderate | Unreviewed | CVE-2021-37331 was published May 24, 2022

api/account/register in the TH Wildau COVID-19 Contact Tracing application through 2021-09-01 has...
Moderate | Unreviewed | CVE-2021-33831 was published May 24, 2022

An issue has been discovered in GitLab affecting all versions. Improper access control allows...
Moderate | Unreviewed | CVE-2021-22228 was published May 24, 2022

Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a...
Moderate | Unreviewed | CVE-2021-20757 was published May 24, 2022

A local bypass security restrictions vulnerability was discovered in Aruba CX 6200F Switch Series...
Moderate | Unreviewed | CVE-2021-29149 was published May 24, 2022

OX Documents before 7.10.5-rev5 has Incorrect Access Control of converted images because hash...
Moderate | Unreviewed | CVE-2021-28093 was published May 24, 2022

A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point ...
Moderate | Unreviewed | CVE-2019-5317 was published May 24, 2022

OX Documents before 7.10.5-rev7 has Incorrect Access Control for converted documents because hash...
Moderate | Unreviewed | CVE-2021-28094 was published May 24, 2022

ZTE MF971R product has a Referer authentication bypass vulnerability. Without CSRF verification,...
Moderate | Unreviewed | CVE-2021-21745 was published May 24, 2022

IBM Sterling File Gateway 2.2.0.0 through 6.1.1.0 could allow an authenticated user to intercept...
Moderate | Unreviewed | CVE-2021-20375 was published May 24, 2022

Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to...
Moderate | Unreviewed | CVE-2008-6984 was published May 17, 2022

Certain NETGEAR devices are affected by authentication bypass. This affects D3600 before 1.0.0.72...
Moderate | Unreviewed | CVE-2021-38514 was published May 24, 2022

IOMMU page mapping issues on x86 T[his CNA information record relates to multiple CVEs; the text...
Moderate | Unreviewed | CVE-2021-28694 was published May 24, 2022

There exists an unauthenticated BLE Interface in Sloan SmartFaucets including Optima EAF, Optima...
Moderate | Unreviewed | CVE-2021-20107 was published May 24, 2022

A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly...
Moderate | Unreviewed | CVE-2021-1561 was published May 24, 2022

Protectimus SLIM NFC 70 10.01 devices allow a Time Traveler attack in which attackers can predict...
Moderate | Unreviewed | CVE-2021-32033 was published May 24, 2022

OX Documents before 7.10.5-rev5 has Incorrect Access Control for documents that contain XML...
Moderate | Unreviewed | CVE-2021-28095 was published May 24, 2022

A remote authentication bypass vulnerability was discovered in Aruba ClearPass Policy Manager...
Moderate | Unreviewed | CVE-2021-29151 was published May 24, 2022

Insufficient policy enforcement in File System API in Google Chrome prior to 88.0.4324.96 allowed...
Moderate | Unreviewed | CVE-2021-21130 was published May 24, 2022

A man-in-the-middle vulnerability in Cohesity DataPlatform support channel in version 6.3 up to 6...
Moderate | Unreviewed | CVE-2021-28124 was published May 24, 2022

Tenda AC18 Router through V15.03.05.05_EN and through V15.03.05.19(6318) CN devices could cause a...
Moderate | Unreviewed | CVE-2020-24987 was published May 24, 2022

The cluster logical volume manager daemon (clvmd) in lvm2-cluster in LVM2 before 2.02.72, as used...
Moderate | Unreviewed | CVE-2010-2526 was published May 17, 2022

In doNotification of AccountManagerService.java, there is a possible permission bypass due to an...
Moderate | Unreviewed | CVE-2021-0572 was published May 24, 2022

TYPO3 CMS missing check for expiration time of password reset token for backend users
Moderate | CVE-2022-36106 was published for typo3/cms (Composer) Sep 16, 2022

Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows...
Moderate | Unreviewed | CVE-2021-20630 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API