Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,343
Erlang
31
GitHub Actions
22
Go
2,107
Maven
5,000+
npm
3,764
NuGet
679
pip
3,452
Pub
12
RubyGems
892
Rust
886
Swift
37
Unreviewed advisories
All unreviewed
5,000+

2,414 advisories

Loading
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5... High Unreviewed
CVE-2021-29678 was published Dec 10, 2021
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin... Critical Unreviewed
CVE-2021-43703 was published Dec 10, 2021
An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an... High Unreviewed
CVE-2021-42758 was published Dec 9, 2021
An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3... Moderate Unreviewed
CVE-2021-41013 was published Dec 9, 2021
The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to... Critical Unreviewed
CVE-2021-38503 was published Dec 9, 2021
An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an... High Unreviewed
CVE-2021-42124 was published Dec 8, 2021
An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an... High Unreviewed
CVE-2021-42126 was published Dec 8, 2021
There is an Improper access control vulnerability in Huawei Smartphone.Successful exploitation of... High Unreviewed
CVE-2021-37038 was published Dec 8, 2021
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login... High Unreviewed
CVE-2021-24917 was published Dec 7, 2021
Permissions not properly checked in Invenio-Drafts-Resources Moderate
CVE-2021-43781 was published for invenio-app-rdm (pip) Dec 6, 2021
lnielsen
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior,... Moderate Unreviewed
CVE-2021-20862 was published Dec 2, 2021
Improper access control vulnerability in ELECOM routers (WRC-1167GST2 firmware v1.25 and prior,... High Unreviewed
CVE-2021-20864 was published Dec 2, 2021
bookstack is vulnerable to Improper Access Control Moderate
CVE-2021-4026 was published for ssddanbrown/bookstack (Composer) Dec 1, 2021
Trend Micro Antivirus for Mac 2021 v11 (Consumer) is vulnerable to an improper access control... High Unreviewed
CVE-2021-43771 was published Dec 1, 2021
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which... Moderate Unreviewed
CVE-2021-24842 was published Nov 30, 2021
EC-CUBE Improper access control in Management screen Moderate
CVE-2021-20841 was published for ec-cube/ec-cube (Composer) Nov 25, 2021
Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari ... High Unreviewed
CVE-2021-20835 was published Nov 25, 2021
Incorrect Authorization in Apache Ozone Critical
CVE-2021-39233 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Incorrect Authorization in Apache Ozone High
CVE-2021-39232 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Apache Ozone user impersonation due to non-validation of Ozone S3 tokens High
CVE-2021-39236 was published for org.apache.hadoop:hadoop-ozone-ozone-manager (Maven) Nov 23, 2021
Incorrect Authorization in Apache Ozone Moderate
CVE-2021-39234 was published for org.apache.ozone:ozone-main (Maven) Nov 23, 2021
Insufficient security control vulnerability in internal database access mechanism of Hitachi... High Unreviewed
CVE-2021-35534 was published Nov 19, 2021
Improper access control in the software installer for the Intel(R) Serial IO driver for Intel(R)... High Unreviewed
CVE-2021-33118 was published Nov 18, 2021
Request injection in Spring Cloud Gateway Moderate
CVE-2021-22051 was published for org.springframework.cloud:spring-cloud-gateway (Maven) Nov 10, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database