Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

2,361 advisories

Loading
The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib... High Unreviewed
CVE-2021-24906 was published Jan 25, 2022
Incorrect Default Permissions and Improper Access Control in snipe-it Moderate
CVE-2022-0179 was published for snipe/snipe-it (Composer) Jan 21, 2022
peertube is vulnerable to Improper Access Control Moderate Unreviewed
CVE-2022-0170 was published Jan 12, 2022
peertube is vulnerable to Improper Access Control High Unreviewed
CVE-2022-0133 was published Jan 11, 2022
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4194 was published for ssddanbrown/bookstack (Composer) Jan 8, 2022
BookStack is vulnerable to Improper Access Control. Moderate
CVE-2021-4119 was published for ssddanbrown/bookstack (Composer) Dec 16, 2021
snipe-it is vulnerable to Improper Access Control Moderate
CVE-2021-4089 was published for snipe/snipe-it (Composer) Dec 16, 2021
The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with... Moderate Unreviewed
CVE-2021-24845 was published Dec 14, 2021
The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user... Moderate Unreviewed
CVE-2021-24859 was published Dec 14, 2021
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
Insulet Omnipod Insulin Management System insulin pump product ID 19191 and 40160 is designed to... High Unreviewed
CVE-2020-10627 was published Dec 2, 2021
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4026 was published for ssddanbrown/bookstack (Composer) Dec 1, 2021
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the... Moderate Unreviewed
CVE-2021-24703 was published Nov 24, 2021
Adobe Creative Cloud version 5.5 (and earlier) are affected by a privilege escalation... High Unreviewed
CVE-2021-43019 was published Nov 24, 2021
Philips MRI 1.5T and MRI 3T Version 5.x.x does not restrict or incorrectly restricts access to a... Moderate Unreviewed
CVE-2021-26262 was published Nov 20, 2021
Incorrect Access Control in Ignition Critical
CVE-2021-43996 was published for facade/ignition (Composer) Nov 19, 2021
Insufficient Granularity of Access Control in github.com/google/exposure-notifications-verification-server Moderate
CVE-2021-22565 was published for github.com/google/exposure-notifications-verification-server (Go) Nov 10, 2021
sethvargo
Improper Access Control in jupyterhub-firstuseauthenticator Critical
CVE-2021-41194 was published for jupyterhub-firstuseauthenticator (pip) Oct 28, 2021
georgejhunt
Improper Access Control in github.com/treeverse/lakefs Moderate
GHSA-m836-gxwq-j2pm was published for github.com/treeverse/lakefs (Go) Oct 28, 2021
eden-ohana tdunlap607
User can obtain JWT token even if account is disabled High
GHSA-36mj-6r7r-mqhf was published for ezsystems/ezplatform-rest (Composer) Sep 29, 2021
Dolibarr vulnerable to Improper Authentication and Improper Access Control High
CVE-2021-25956 was published for dolibarr/dolibarr (Composer) Sep 2, 2021
Improper Access Control in Dolibarr Moderate
CVE-2021-25954 was published for dolibarr/dolibarr (Composer) Aug 11, 2021
Unchecked hostname resolution could allow access to local network resources by users outside the local network Moderate
GHSA-6rg3-8h8x-5xfv was published for github.com/pterodactyl/wings (Go) Jun 23, 2021
Apache ActiveMQ Artemis vulnerable to Improper Access Control High
CVE-2021-26118 was published for org.apache.activemq:artemis-openwire-protocol (Maven) Jun 16, 2021
Access Restriction Bypass in kube-apiserver Moderate
CVE-2021-25735 was published for k8s.io/kubernetes (Go) May 28, 2021
jhutchings1
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database