GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,270
Erlang
31
GitHub Actions
21
Go
2,046
Maven
5,000+
npm
3,737
NuGet
663
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
986 advisories
Filter by severity
Validation Bypass in schema-inspector
Critical
CVE-2019-10781
was published
for
schema-inspector
(npm)
Jun 10, 2020
Context isolation bypass in Electron
Low
CVE-2020-15215
was published
for
electron
(npm)
Oct 6, 2020
After order payment process manipulation in shopware/platform and shopware/core
Critical
GHSA-88rc-3p98-rgvx
was published
for
shopware/core
(Composer)
Apr 13, 2021
Leak of information via Store-API aggregations in shopware/platform and shopware/core
Critical
GHSA-qg7c-q3vq-rgxr
was published
for
shopware/core
(Composer)
Apr 13, 2021
Java Merge-sort Insecure Temporary File vulnerability
Moderate
CVE-2022-24913
was published
for
com.fasterxml.util:java-merge-sort
(Maven)
Jan 12, 2023
Apache Superset has Improper Access Control
Moderate
CVE-2022-45438
was published
for
apache-superset
(pip)
Jan 16, 2023
An Improper Access Control Vulnerability in the SMA100 series leads to multiple restricted...
High
Unreviewed
CVE-2021-20050
was published
Dec 24, 2021
There is an unauthorized access vulnerability in system components. Successful exploitation of...
High
Unreviewed
CVE-2021-40051
was published
Mar 11, 2022
Some AMD CPUs may transiently execute beyond unconditional direct branches, which may potentially...
Moderate
Unreviewed
CVE-2021-26341
was published
Mar 12, 2022
Improper access control vulnerability in McAfee WebAdvisor Chrome and Edge browser extensions up...
High
Unreviewed
CVE-2022-0815
was published
Mar 12, 2022
IBM Engineering Workflow Management 7.0, 7.0.1, and 7.0.2 and IBM Rational Team Concert 6.0.6 and...
Moderate
Unreviewed
CVE-2020-4989
was published
Mar 16, 2022
The /rest-service-fecru/server-v1 resource in Fisheye and Crucible before version 4.8.9 allowed...
Moderate
Unreviewed
CVE-2021-43955
was published
Mar 17, 2022
In __show_regs of process.c, there is a possible leak of kernel memory and addresses due to log...
Moderate
Unreviewed
CVE-2021-39715
was published
Mar 17, 2022
OSGi applications using Vaadin 12-14 and 19 vulnerable to server classes and resources exposure
High
CVE-2021-31407
was published
for
com.vaadin:flow-server
(Maven)
Apr 19, 2021
Elvish vulnerable to remote code execution via the web UI backend
High
CVE-2021-41088
was published
for
github.com/elves/elvish
(Go)
Sep 23, 2021
An information disclosure issue was addressed with improved state management. This issue is fixed...
High
Unreviewed
CVE-2022-22579
was published
Mar 19, 2022
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4. A...
Moderate
Unreviewed
CVE-2022-22622
was published
Mar 19, 2022
An issue with app access to camera metadata was addressed with improved logic. This issue is...
Low
Unreviewed
CVE-2022-22598
was published
Mar 19, 2022
The GSMA authentication panel could be presented on the lock screen. The issue was resolved by...
Moderate
Unreviewed
CVE-2022-22652
was published
Mar 19, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.
High
Unreviewed
CVE-2022-23345
was published
Mar 22, 2022
Piwigo v12.2.0 was discovered to contain an information leak via the action parameter in /admin...
High
Unreviewed
CVE-2022-26267
was published
Mar 20, 2022
A permissions issue was addressed with improved validation. This issue is fixed in Security...
Moderate
Unreviewed
CVE-2022-22583
was published
Mar 19, 2022
OpenEMR v6.0.0 was discovered to contain an incorrect access control issue.
Moderate
Unreviewed
CVE-2022-25041
was published
Mar 25, 2022
GE UR firmware versions prior to version 8.1x shares MODBUS memory map as part of the...
Moderate
Unreviewed
CVE-2021-27424
was published
Mar 24, 2022
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not...
Critical
Unreviewed
CVE-2022-27919
was published
Mar 26, 2022
ProTip!
Advisories are also available from the
GraphQL API