GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 21
Go: 2,002
Maven: 5,000+
npm: 3,713
NuGet: 661
pip: 3,384
Pub: 11
RubyGems: 885
Rust: 850
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
700 advisories
Mitel 6800 and 6900 Series SIP phone devices through 2022-04-27 have "undocumented functionality....
Severity: High | Unreviewed | CVE-2022-29855 was published May 12, 2022

Windows Authentication Security Feature Bypass Vulnerability.
Severity: High | Unreviewed | CVE-2022-26913 was published May 11, 2022

A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays, HPE...
Severity: High | Unreviewed | CVE-2022-23705 was published May 10, 2022

ReviewBoard: has an access-control problem in REST API
Severity: High | Unreviewed | CVE-2013-4410 was published May 5, 2022

Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted...
Severity: High | Unreviewed | CVE-2021-42192 was published May 5, 2022

An incorrect access control issue in Sandboxie Classic v5.55.13 allows attackers to cause a...
Severity: High | Unreviewed | CVE-2022-28067 was published May 5, 2022

An improper access control vulnerability [CWE-284] in FortiIsolator versions 2.3.2 and below may...
Severity: High | Unreviewed | CVE-2021-41020 was published May 5, 2022

An improper access control in Fortinet FortiSOAR before 7.2.0 allows unauthenticated attackers to...
Severity: High | Unreviewed | CVE-2022-23443 was published May 5, 2022

In H3C MagicR100 <=V100R005, the / Ajax / ajaxget interface can be accessed without authorization...
Severity: High | Unreviewed | CVE-2022-28940 was published May 5, 2022

Condor before 7.0.4 does not properly handle wildcards in the ALLOW_WRITE, DENY_WRITE,...
Severity: High | Unreviewed | CVE-2008-3424 was published May 2, 2022

The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which...
Severity: High | Unreviewed | CVE-2007-2586 was published May 1, 2022

Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying...
Severity: High | Unreviewed | CVE-2006-6679 was published May 1, 2022

Wondershare Dr. Fone Latest version as of 2021-12-06 is vulnerable to Incorrect Access Control. A...
Severity: High | Unreviewed | CVE-2021-44595 was published Apr 30, 2022

USU Oracle Optimization before 5.17.5 allows attackers to discover the quantum credentials via an...
Severity: High | Unreviewed | CVE-2022-29935 was published Apr 30, 2022

Lexmark products through 2022-02-10 have Incorrect Access Control.
Severity: High | Unreviewed | CVE-2022-24935 was published Apr 29, 2022

An access bypass issue was found in Drupal 7.x before version 7.5. If a Drupal site has the...
Severity: High | Unreviewed | CVE-2011-2726 was published Apr 22, 2022

asterisk allows calls on prohibited networks
Severity: High | Unreviewed | CVE-2009-3723 was published Apr 21, 2022

An issue was discovered on Kyocera d-COLOR MF3555 2XD_S000.002.271 devices. The Web Application...
Severity: High | Unreviewed | CVE-2022-25342 was published Apr 21, 2022

** DISPUTED ** ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content...
Severity: High | Unreviewed | CVE-2022-27055 was published Apr 20, 2022

An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control...
Severity: High | Unreviewed | CVE-2022-22190 was published Apr 15, 2022

On affected Arista EOS platforms, if a VXLAN match rule exists in an IPv4 access-list that is...
Severity: High | Unreviewed | CVE-2021-28505 was published Apr 15, 2022

In setServiceForegroundInnerLocked of ActiveServices.java, there is a possible way for a...
Severity: High | Unreviewed | CVE-2021-0694 was published Apr 13, 2022

The Salon booking system Free and Pro WordPress plugins before 7.6.3 do not have proper...
Severity: High | Unreviewed | CVE-2022-0920 was published Apr 12, 2022

An Access Control vulnerability exists in KevinLAB Inc Building Energy Management System 4ST BEMS...
Severity: High | Unreviewed | CVE-2021-37292 was published Apr 12, 2022

A permission bypass vulnerability exists when the NFC CAs access the TEE. Successful exploitation...
Severity: High | Unreviewed | CVE-2022-22254 was published Apr 12, 2022
ProTip! Advisories are also available from the GraphQL API.