Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,358 advisories

Loading
Unrestricted Upload of File with Dangerous Type in Drupal core Critical
CVE-2020-13675 was published for drupal/core (Composer) Feb 12, 2022
Drupal core access bypass vulnerability High
CVE-2020-13677 was published for drupal/core (Composer) Feb 12, 2022
Incorrect Authorization in Drupal core Moderate
CVE-2020-13676 was published for drupal/core (Composer) Feb 12, 2022
tdunlap607
Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12)... Moderate Unreviewed
CVE-2022-23433 was published Feb 12, 2022
An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to... Moderate Unreviewed
CVE-2022-23994 was published Feb 12, 2022
An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a... Moderate Unreviewed
CVE-2022-24924 was published Feb 12, 2022
Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China... Low Unreviewed
CVE-2022-24923 was published Feb 12, 2022
An Improper Access Control vulnerability exists in Citrix Workspace App for Linux 2012 - 2111... High Unreviewed
CVE-2022-21825 was published Feb 11, 2022
After the initial setup process, some steps of setup.php file are reachable not only by super... Moderate Unreviewed
CVE-2022-23134 was published Feb 9, 2022
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its... Moderate Unreviewed
CVE-2021-24839 was published Feb 8, 2022
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF... Moderate Unreviewed
CVE-2021-24993 was published Feb 8, 2022
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and... High Unreviewed
CVE-2021-25095 was published Feb 8, 2022
The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron-manager-pro WordPress... Moderate Unreviewed
CVE-2021-25084 was published Feb 8, 2022
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel driver, where improper... Moderate Unreviewed
CVE-2022-21813 was published Feb 8, 2022
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a... Moderate Unreviewed
CVE-2022-21816 was published Feb 8, 2022
Limited ability to spoof SAML authentication with missing audience verification in Fleet Moderate
CVE-2022-23600 was published for github.com/fleetdm/fleet/v4 (Go) Feb 7, 2022
iangcarroll
The LabTools WordPress plugin through 1.0 does not have proper authorisation and CSRF check in... Moderate Unreviewed
CVE-2021-25097 was published Feb 2, 2022
Incorrect Authorization in calibreweb Moderate
CVE-2022-0273 was published for calibreweb (pip) Jan 31, 2022
Missing Authorization in Crater Invoice Moderate
CVE-2022-0203 was published for bytefury/crater (Composer) Jan 27, 2022
Improper Access Control in snipe-it Moderate
CVE-2022-0178 was published for snipe/snipe-it (Composer) Jan 26, 2022
Prior to v0.6.1, bored-agent failed to sanitize incoming kubernetes impersonation headers... High Unreviewed
CVE-2022-0270 was published Jan 26, 2022
The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor... Moderate Unreviewed
CVE-2021-24733 was published Jan 25, 2022
The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib... High Unreviewed
CVE-2021-24906 was published Jan 25, 2022
Incorrect Default Permissions and Improper Access Control in snipe-it Moderate
CVE-2022-0179 was published for snipe/snipe-it (Composer) Jan 21, 2022
peertube is vulnerable to Improper Access Control Moderate Unreviewed
CVE-2022-0170 was published Jan 12, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database