GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
2,000 advisories
A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. GitLab was...
Moderate
Unreviewed
CVE-2020-13316 was published May 24, 2022
In Java network APIs, there is possible access to sensitive network state due to a missing...
Moderate
Unreviewed
CVE-2020-0293 was published May 24, 2022
An issue was discovered in Pulse Secure Pulse Connect Secure before 9.1R8. An authenticated...
Moderate
Unreviewed
CVE-2020-15408 was published May 24, 2022
Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of...
Moderate
Unreviewed
CVE-2022-32768 was published Aug 23, 2022
Multiple authentication bypass vulnerabilities exist in the objects id handling functionality of...
Moderate
Unreviewed
CVE-2022-32769 was published Aug 23, 2022
AtomXCMS 2.0 is affected by Arbitrary File Read via admin/dump.php
Moderate
Unreviewed
CVE-2020-26650 was published May 24, 2022
An API issue existed in the handling of outgoing phone calls initiated with Siri. This issue was...
Moderate
Unreviewed
CVE-2019-8856 was published May 24, 2022
This issue was addressed with improved checks to prevent unauthorized actions. This issue is...
Moderate
Unreviewed
CVE-2020-9982 was published May 24, 2022
An Authorization Bypass vulnerability in the Marmind web application with version 4.1.141.0...
Moderate
Unreviewed
CVE-2020-26506 was published May 24, 2022
In callCallbackForRequest of ConnectivityService.java, there is a possible permission bypass due...
Moderate
Unreviewed
CVE-2020-0454 was published May 24, 2022
SAP ERP and SAP S/4 HANA allows an authenticated user to see cost records to objects to which he...
Moderate
Unreviewed
CVE-2020-6316 was published May 24, 2022
Improper access control in mail module (notifications) in Odoo Community 14.0 and earlier and...
Moderate
Unreviewed
CVE-2019-11784 was published May 24, 2022
Aptdaemon performed policykit checks after interacting with potentially untrusted files with...
Moderate
Unreviewed
CVE-2020-27349 was published May 24, 2022
Affected versions of Jira Server allow remote unauthenticated attackers to enumerate issue keys...
Moderate
Unreviewed
CVE-2020-14185 was published May 24, 2022
A flaw was found in Infinispan version 10, where it permits local access to controls via both...
Moderate
Unreviewed
CVE-2020-10746 was published May 24, 2022
The DiveBook plugin 1.1.4 for WordPress is prone to improper access control in the Log Dive form...
Moderate
Unreviewed
CVE-2020-14205 was published May 24, 2022
Insufficient policy enforcement in developer tools in Google Chrome prior to 87.0.4280.66 allowed...
Moderate
Unreviewed
CVE-2020-16027 was published May 24, 2022
Missing permission check in Jenkins OpenShift Deployer Plugin
Moderate
CVE-2022-36909 was published for org.jenkins-ci.plugins:openshift-deployer (Maven) Jul 28, 2022
An issue was discovered in Joomla! 3.0.0 through 3.9.23. The lack of ACL checks in the...
Moderate
Unreviewed
CVE-2021-23123 was published May 24, 2022
The GitLab Webhook Handler in amazee.io Lagoon before 1.12.3 has incorrect access control...
Moderate
Unreviewed
CVE-2020-35236 was published May 24, 2022
Improper access control in mail module (channel partners) in Odoo Community 14.0 and earlier and...
Moderate
Unreviewed
CVE-2019-11783 was published May 24, 2022
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS...
Moderate
Unreviewed
CVE-2019-8855 was published May 24, 2022
Improper access control in mail module (followers) in Odoo Community 13.0 and earlier and Odoo...
Moderate
Unreviewed
CVE-2019-11785 was published May 24, 2022
Xen through 4.14.x allows guest OS administrators to obtain sensitive information (such as AES...
Moderate
Unreviewed
CVE-2020-28368 was published May 24, 2022
Incorrect Access Control in the configuration backup path in SAGEMCOM F@ST3486 NET DOCSIS 3.0,...
Moderate
Unreviewed
CVE-2020-29138 was published May 24, 2022