GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
263 advisories

Automatic room upgrade handling can be used maliciously to bridge a room non-consensually
Moderate: CVE-2021-32659 was published for matrix-appservice-bridge (npm) on Jun 21, 2021

Missing Authentication for Critical Function
Moderate: CVE-2021-32709 was published for shopware/platform (Composer) on Jun 29, 2021

The browser native UI in Google Chrome before 17.0.963.83 does not require user confirmation...
Moderate (Unreviewed): CVE-2011-3055 was published on May 13, 2022

A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of...
Moderate (Unreviewed): CVE-2018-15466 was published on May 13, 2022

Hughes high-performance broadband satellite modems, models HN7740S DW7000 HN7000S/SM, lacks...
Moderate (Unreviewed): CVE-2016-9496 was published on May 13, 2022

TP-LINK TL-WR849N 0.9.1 4.16 devices do not require authentication to replace the firmware via a...
Moderate (Unreviewed): CVE-2019-19143 was published on May 24, 2022

The 'Find Phone' function in Nice smartphones with software versions earlier before Nice...
Moderate (Unreviewed): CVE-2017-2708 was published on May 13, 2022

Weak access controls in the Device Logout functionality on the TP-Link TL-SG108E v1.0.0 allow...
Moderate (Unreviewed): CVE-2017-17747 was published on May 13, 2022

A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow...
Moderate (Unreviewed): CVE-2022-22809 was published on Feb 11, 2022

Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent...
Moderate (Unreviewed): CVE-2021-20152 was published on Dec 31, 2021

This vulnerability allows network-adjacent attackers to disclose sensitive information on...
Moderate (Unreviewed): CVE-2021-34870 was published on Jan 26, 2022

A specially crafted script could cause the DeltaV Distributed Control System Controllers (All...
Moderate (Unreviewed): CVE-2021-26264 was published on Jan 29, 2022

In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have...
Moderate (Unreviewed): CVE-2022-24111 was published on Feb 11, 2022

In BIG-IQ 6.0.0-6.1.0, services for stats do not require authentication nor do they implement any...
Moderate (Unreviewed): CVE-2019-6652 was published on May 24, 2022

The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for...
Moderate (Unreviewed): CVE-2020-20627 was published on May 24, 2022

Intelbras WRN240 devices do not require authentication to replace the firmware via a POST request...
Moderate (Unreviewed): CVE-2019-19142 was published on May 24, 2022

VDSM and libvirt in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H) 7-7.x before 7-7.2...
Moderate (Unreviewed): CVE-2015-5201 was published on May 24, 2022

Comba AP2600-I devices through A02,0202N00PD2 are prone to password disclosure via a simple...
Moderate (Unreviewed): CVE-2019-15654 was published on May 24, 2022

Missing Role Based Access Control for the REST handlers in bleve/http package
Moderate: CVE-2022-31022 was published for github.com/blevesearch/bleve (Go) on Jun 3, 2022

VMware Workspace ONE Content contains a passcode bypass vulnerability. A malicious actor, with...
Moderate (Unreviewed): CVE-2023-20857 was published on Feb 28, 2023

Due to insufficient input sanitization, SAP ABAP - versions 751, 753, 753, 754, 756, 757, 791,...
Moderate (Unreviewed): CVE-2023-25615 was published on Mar 14, 2023

SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any...
Moderate (Unreviewed): CVE-2023-24526 was published on Mar 14, 2023

A CWE-306: Missing Authentication for Critical Function vulnerability exists in the Data Server...
Moderate (Unreviewed): CVE-2023-27983 was published on Mar 21, 2023

In Couchbase Server 5 through 7 before 7.1.4, the nsstats endpoint is accessible without...
Moderate (Unreviewed): CVE-2023-28470 was published on Mar 23, 2023

The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired...
Moderate (Unreviewed): CVE-2020-24588 was published on May 24, 2022

ProTip! Advisories are also available from the GraphQL API.