GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
  All reviewed: 5,000+
  Composer: 4,968
  Erlang: 39
  GitHub Actions: 38
  Go: 2,616
  Maven: 5,000+
  npm: 4,255
  NuGet: 760
  pip: 4,040
  Pub: 12
  RubyGems: 953
  Rust: 1,050
  Swift: 45

Unreviewed advisories
  All unreviewed: 5,000+

            5,284 advisories

An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local...
Low | Unreviewed | CVE-2021-25519 was published Dec 9, 2021

The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation...
Moderate | Unreviewed | CVE-2021-24790 was published Dec 14, 2021

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5...
High | Unreviewed | CVE-2021-20865 was published Dec 14, 2021

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5...
Moderate | Unreviewed | CVE-2021-20866 was published Dec 14, 2021

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5...
Moderate | Unreviewed | CVE-2021-20867 was published Dec 14, 2021

SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary...
High | Unreviewed | CVE-2021-44233 was published Dec 15, 2021

An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will...
High | Unreviewed | CVE-2021-41066 was published Dec 15, 2021

taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line...
Critical | Unreviewed | CVE-2021-45015 was published Dec 15, 2021

glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html...
Moderate | Unreviewed | CVE-2021-44937 was published Dec 15, 2021

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and...
High | Unreviewed | CVE-2021-27859 was published Dec 16, 2021

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and...
High | Unreviewed | CVE-2021-27857 was published Dec 16, 2021

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an...
Critical | Unreviewed | CVE-2021-27856 was published Dec 16, 2021

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a...
High | Unreviewed | CVE-2021-27855 was published Dec 16, 2021

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and...
Moderate | Unreviewed | CVE-2021-27858 was published Dec 16, 2021

Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise...
Critical | Unreviewed | CVE-2021-36888 was published Dec 16, 2021

In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to...
High | Unreviewed | CVE-2021-1017 was published Dec 16, 2021

In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user...
High | Unreviewed | CVE-2021-0926 was published Dec 16, 2021

In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to...
High | Unreviewed | CVE-2021-0923 was published Dec 16, 2021

In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass...
High | Unreviewed | CVE-2021-0922 was published Dec 16, 2021

snipe-it is vulnerable to Improper Access Control
Moderate | CVE-2021-4089 was published for snipe/snipe-it (Composer) Dec 16, 2021

TCMAN GIM does not perform an authorization check when trying to access determined resources. A...
High | Unreviewed | CVE-2021-40853 was published Dec 18, 2021

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37...
Moderate | Unreviewed | CVE-2021-44857 was published Dec 18, 2021

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle...
High | Unreviewed | CVE-2021-37572 was published Dec 27, 2021

An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily...
Critical | Unreviewed | CVE-2020-20944 was published Dec 28, 2021

The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API...
Moderate | Unreviewed | CVE-2021-24997 was published Dec 28, 2021
        
ProTip! Advisories are also available from the GraphQL API