Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,838
Erlang
36
GitHub Actions
33
Go
2,460
Maven
5,000+
npm
4,082
NuGet
723
pip
3,872
Pub
12
RubyGems
943
Rust
1,010
Swift
39
Unreviewed advisories
All unreviewed
5,000+

1,338 advisories

Loading
SonLogger before 6.4.1 is affected by user creation with any user permissions profile (e.g.,... High Unreviewed
CVE-2021-27963 was published May 24, 2022
Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor... High Unreviewed
CVE-2021-27962 was published May 24, 2022
Multiple files and folders in Utimaco SecurityServer 4.20.0.4 and 4.31.1.0. are installed with... High Unreviewed
CVE-2020-26155 was published May 24, 2022
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the... Moderate Unreviewed
CVE-2021-30478 was published May 24, 2022
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of the... Moderate Unreviewed
CVE-2021-30479 was published May 24, 2022
Local information disclosure via system temporary directory Moderate
CVE-2021-28168 was published for org.glassfish.jersey.core:jersey-common (Maven) Apr 23, 2021
JLLeitschuh
IBM UrbanCode Deploy (UCD) 6.2.7.3, 6.2.7.4, 6.2.7.8 , 6.2.7.9, 7.0.3.0, 7.0.4.0, 7.0.5.4, 7.1.0... Moderate Unreviewed
CVE-2021-29711 was published May 24, 2022
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2.... Moderate Unreviewed
CVE-2021-30156 was published May 24, 2022
Missing Authorization in Apache Archiva Moderate
CVE-2022-29405 was published for org.apache.archiva:archiva (Maven) May 26, 2022
An issue was discovered in Zulip Server before 3.4. A bug in the implementation of replies to... Moderate Unreviewed
CVE-2021-30477 was published May 24, 2022
IBM QRadar User Behavior Analytics 1.0.0 through 4.1.0 could disclose sensitive information due... Moderate Unreviewed
CVE-2021-20429 was published May 24, 2022
IBM Security Identity Manager 7.0.2 could allow an authenticated user to bypass security and... High Unreviewed
CVE-2021-29686 was published May 24, 2022
Brocade SANnav before version 2.1.1 allows an authenticated attacker to list directories, and... Moderate Unreviewed
CVE-2020-15385 was published May 24, 2022
The Mozilla Maintenance Service granted SERVICE_START access to BUILTIN|Users which, in a domain... Moderate Unreviewed
CVE-2021-29951 was published May 24, 2022
In JetBrains Hub before 2020.1.12629, an authenticated user can delete 2FA settings of any other... Moderate Unreviewed
CVE-2021-25759 was published May 24, 2022
Improper access control vulnerability in ELECOM LD-PS/U1 allows remote attackers to change the... High Unreviewed
CVE-2021-20643 was published May 24, 2022
In archiveStoredConversation of MmsService.java, there is a possible way to archive message... High Unreviewed
CVE-2021-0539 was published May 24, 2022
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions,... Critical Unreviewed
CVE-2020-13421 was published May 24, 2022
Talk 4 in Coral before 4.12.1 allows remote attackers to discover e-mail addresses and other... High Unreviewed
CVE-2021-35970 was published May 24, 2022
An issue was discovered in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. When... Moderate Unreviewed
CVE-2021-30152 was published May 24, 2022
In SapphireIMS 5.0, it is possible to create local administrator on any client with credentials... High Unreviewed
CVE-2020-25564 was published May 24, 2022
An incorrect permission assignment vulnerability in Trend Micro Apex One and Apex One as a... High Unreviewed
CVE-2022-30700 was published May 28, 2022
In telephony, there is a possible information disclosure due to a missing permission check. This... Moderate Unreviewed
CVE-2022-21748 was published Jun 7, 2022
A flaw was discovered in Continuous Delivery for Puppet Enterprise (CD4PE) that results in a user... High Unreviewed
CVE-2021-27024 was published May 24, 2022
AVideo/YouPHPTube 10.0 and prior is affected by Insecure file write. An administrator privileged... High Unreviewed
CVE-2021-25877 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database