GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
836 advisories
Filter by severity
Possible bypass of token claim validation when OAuth2 Introspection caching is enabled
High
GHSA-qvp4-rpmr-xwrr
was published
for
github.com/ory/oathkeeper
(Go)
Jun 23, 2021
Improper Authorization in github.com/containers/libpod
High
CVE-2021-20188
was published
for
github.com/containers/libpod
(Go)
May 18, 2021
Information disclosure issue in Active Resource
High
CVE-2020-8151
was published
for
activeresource
(RubyGems)
May 21, 2020
Incorrect Authorization in WildFly Elytron
High
CVE-2020-1748
was published
for
org.wildfly.security:wildfly-elytron
(Maven)
Feb 15, 2022
Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R)...
High
Unreviewed
CVE-2021-33118
was published
Nov 18, 2021
Improper access control on the LocalClientList.asp interface allows an unauthenticated remote...
High
Unreviewed
CVE-2022-25214
was published
Mar 11, 2022
An issue was discovered in Luna Simo PPR1.180610.011/202001031830. A pre-installed app with a...
High
Unreviewed
CVE-2021-41850
was published
Mar 13, 2022
Improper Authorization in org.cometd.oort
High
CVE-2022-24721
was published
for
org.cometd.java:cometd-java-oort
(Maven)
Mar 15, 2022
Istio Fragments in Path May Lead to Authorization Policy Bypass
High
CVE-2021-39156
was published
for
istio.io/istio
(Go)
Aug 30, 2021
arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more...
High
Unreviewed
CVE-2022-23033
was published
Jan 26, 2022
In Gradle Enterprise before 2021.4.2, the default built-in build cache configuration allowed...
High
Unreviewed
CVE-2022-25364
was published
Mar 18, 2022
This issue was addressed with improved checks. This issue is fixed in watchOS 8.5, iOS 15.4 and...
High
Unreviewed
CVE-2022-22618
was published
Mar 19, 2022
A flaw was found in Quarkus. The state and potentially associated permissions can leak from one...
High
Unreviewed
CVE-2022-0981
was published
Mar 24, 2022
The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows...
High
Unreviewed
CVE-2022-30594
was published
May 13, 2022
Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior,...
High
Unreviewed
CVE-2021-20864
was published
Dec 2, 2021
There is an Improper access control vulnerability in Huawei Smartphone.Successful exploitation of...
High
Unreviewed
CVE-2021-37038
was published
Dec 8, 2021
The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire...
High
Unreviewed
CVE-2021-43051
was published
Dec 15, 2021
An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy...
High
Unreviewed
CVE-2021-3456
was published
Mar 31, 2022
In PackageManager, there is a possible way to change the splash screen theme of other apps due to...
High
Unreviewed
CVE-2021-39750
was published
Mar 31, 2022
In incfs, there is a possible way of mounting on arbitrary paths due to a missing permission...
High
Unreviewed
CVE-2022-20002
was published
Mar 31, 2022
In WindowManager, there is a possible way to start non-exported and protected activities due to a...
High
Unreviewed
CVE-2021-39749
was published
Mar 31, 2022
Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control...
High
Unreviewed
CVE-2021-43771
was published
Dec 1, 2021
In Telecom, there is a possible leak of TTY mode change due to a missing permission check. This...
High
Unreviewed
CVE-2021-39789
was published
Mar 31, 2022
In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing...
High
Unreviewed
CVE-2021-39790
was published
Mar 31, 2022
Access Control vulnerability in Dolibarr
High
CVE-2021-37517
was published
for
dolibarr/dolibarr
(Composer)
Apr 1, 2022
ProTip!
Advisories are also available from the
GraphQL API