GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,902
Maven: 5,000+
npm: 3,631
NuGet: 638
pip: 3,246
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
632 advisories
Local privilege escalation via named pipe due to improper access control checks. The following...
High | Unreviewed | CVE-2021-44204 was published Feb 10, 2022

ESET products for Windows allows untrusted process to impersonate the client of a pipe, which can...
High | Unreviewed | CVE-2021-37852 was published Feb 10, 2022

A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET...
High | Unreviewed | CVE-2021-41608 was published Jan 29, 2022

arm: guest_physmap_remove_page not removing the p2m mappings The functions to remove one or more...
High | Unreviewed | CVE-2022-23033 was published Jan 26, 2022

On BIG-IQ Centralized Management 8.x before 8.1.0, an authenticated administrative role user on a...
High | Unreviewed | CVE-2022-23009 was published Jan 26, 2022

The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib...
High | Unreviewed | CVE-2021-24906 was published Jan 25, 2022

Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability...
High | Unreviewed | CVE-2021-38789 was published Jan 20, 2022

AX3600 router sensitive information leaked. There is an unauthorized interface through luci to...
High | Unreviewed | CVE-2020-14110 was published Jan 19, 2022

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by...
High | Unreviewed | CVE-2021-28501 was published Jan 15, 2022

An issue has recently been discovered in Arista EOS where the incorrect use of EOS's AAA API’s by...
High | Unreviewed | CVE-2021-28500 was published Jan 15, 2022

An issue has recently been discovered in Arista EOS where, under certain conditions, the service...
High | Unreviewed | CVE-2021-28507 was published Jan 15, 2022

Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app...
High | Unreviewed | CVE-2022-22288 was published Jan 11, 2022

An issue was discovered in dst-admin v1.3.0. The product has an unauthorized arbitrary file...
High | Unreviewed | CVE-2021-44586 was published Jan 11, 2022

Glewlwyd 2.0.0, fixed in 2.6.1 is affected by an incorrect access control vulnerability. One user...
High | Unreviewed | CVE-2021-45379 was published Dec 31, 2021

Insufficient policy enforcement in background fetch in Google Chrome prior to 96.0.4664.45...
High | Unreviewed | CVE-2021-38016 was published Dec 24, 2021

Insufficient policy enforcement in iframe sandbox in Google Chrome prior to 96.0.4664.45 allowed...
High | Unreviewed | CVE-2021-38017 was published Dec 24, 2021

NVIDIA GeForce Experience contains a vulnerability in user authorization, where GameStream does...
High | Unreviewed | CVE-2021-23175 was published Dec 24, 2021

Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam...
High | Unreviewed | CVE-2021-44877 was published Dec 22, 2021

An issue was discovered in HTCondor 9.0.x before 9.0.4 and 9.1.x before 9.1.2. When...
High | Unreviewed | CVE-2021-45102 was published Dec 17, 2021

The Spotfire Server component of TIBCO Software Inc.'s TIBCO Spotfire Server, TIBCO Spotfire...
High | Unreviewed | CVE-2021-43051 was published Dec 15, 2021

HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has...
High | Unreviewed | CVE-2021-41805 was published Dec 13, 2021

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5...
High | Unreviewed | CVE-2021-29678 was published Dec 10, 2021

An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an...
High | Unreviewed | CVE-2021-42758 was published Dec 9, 2021

An improper access control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an...
High | Unreviewed | CVE-2021-42124 was published Dec 8, 2021

An improper authorization control vulnerability exists in Ivanti Avalanche before 6.3.3 allows an...
High | Unreviewed | CVE-2021-42126 was published Dec 8, 2021
ProTip! Advisories are also available from the GraphQL API.