Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,356
Erlang
31
GitHub Actions
22
Go
2,120
Maven
5,000+
npm
3,782
NuGet
683
pip
3,460
Pub
12
RubyGems
893
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

103 advisories

Loading
Kentico 11 through 12 lets attackers upload and explore files without authentication via the... Critical Unreviewed
CVE-2019-12102 was published May 24, 2022
Kromtech MacKeeper 3.20.4 suffers from a root privilege escalation vulnerability through its `com... Critical Unreviewed
CVE-2018-10171 was published May 24, 2022
LOYTEC LGATE-902 6.3.2 devices allow Arbitrary file deletion. Critical Unreviewed
CVE-2018-14916 was published May 24, 2022
DGLogik Inc DGLux Server All Versions is affected by: Insecure Permissions. The impact is: Remote... Critical Unreviewed
CVE-2019-1010009 was published May 24, 2022
Akeo Consulting Rufus 3.0 and earlier is affected by: Insecure Permissions. The impact is:... Critical Unreviewed
CVE-2019-1010101 was published May 24, 2022
In Univa Grid Engine before 8.6.3, when configured for Docker jobs and execd spooling on... Critical Unreviewed
CVE-2018-20871 was published May 24, 2022
An issue was discovered in Softing uaGate SI 1.60.01. A maintenance script, that is executable... Critical Unreviewed
CVE-2019-11526 was published May 24, 2022
Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability.... Critical Unreviewed
CVE-2019-8071 was published May 24, 2022
Winston 1.5.4 devices have an SSH user account with access from bastion hosts. This is... Critical Unreviewed
CVE-2020-16259 was published May 24, 2022
OvoiceManager has system permission to write vulnerability reports for arbitrary files, affected... Critical Unreviewed
CVE-2020-11831 was published May 24, 2022
An issue was discovered in the Quiz and Survey Master plugin before 7.0.1 for WordPress. It made... Critical Unreviewed
CVE-2020-35949 was published May 24, 2022
HGiga EIP product lacks ineffective access control in certain pages that allow attackers to... Critical Unreviewed
CVE-2021-22850 was published May 24, 2022
In 74cms version 5.0.1, there is a remote code execution vulnerability in /Application/Admin... Critical Unreviewed
CVE-2020-35339 was published May 24, 2022
OpenIAM before 4.2.0.3 has Incorrect Access Control for the Create User, Modify User Permissions,... Critical Unreviewed
CVE-2020-13421 was published May 24, 2022
Moodle command execution vulnerability exists in the default legacy spellchecker plugin Critical
CVE-2021-21809 was published for moodle/moodle (Composer) May 24, 2022
Insecure permissions in Update Manager <= 5.8.0.2300 and DFL <= 12.5.1001.5 in DATEV programs v14... Critical Unreviewed
CVE-2021-41428 was published May 24, 2022
Tad Book3 editing book page does not perform identity verification. Remote attackers can use the... Critical Unreviewed
CVE-2021-41974 was published May 24, 2022
In Gradle Enterprise before 2021.3 (and Enterprise Build Cache Node before 10.0), there is... Critical Unreviewed
CVE-2021-41589 was published May 24, 2022
A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an... Critical Unreviewed
CVE-2021-39409 was published Jun 25, 2022
A critical issue has been discovered in GitLab affecting all versions starting from 14.0 prior to... Critical Unreviewed
CVE-2022-2185 was published Jul 2, 2022
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete... Critical Unreviewed
CVE-2021-22648 was published Jul 29, 2022
Code by Zapier before 2022-08-17 allowed intra-account privilege escalation that included... Critical Unreviewed
CVE-2022-28802 was published Sep 22, 2022
Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability... Critical Unreviewed
CVE-2023-24205 was published Feb 24, 2023
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on... Critical Unreviewed
CVE-2023-0834 was published Apr 28, 2023
PublicCMS <=V4.0.202302 is vulnerable to Insecure Permissions. Critical Unreviewed
CVE-2023-34852 was published Jun 15, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database