Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,097
Erlang
29
GitHub Actions
19
Go
1,925
Maven
5,000+
npm
3,657
NuGet
638
pip
3,264
Pub
10
RubyGems
873
Rust
823
Swift
35
Unreviewed advisories
All unreviewed
5,000+

232 advisories

Loading
Improper Input Validation and Missing Authentication for Critical Function in Apache ActiveMQ Moderate
CVE-2015-7559 was published for org.apache.activemq:activemq-client (Maven) Aug 1, 2019
sunSUNQ
Missing Authentication for Critical Function in LibreNMS Moderate
CVE-2019-10668 was published for librenms/librenms (Composer) Oct 11, 2019
Keycloak Missing authentication for critical function Moderate
CVE-2021-20262 was published for org.keycloak:keycloak-core (Maven) Mar 12, 2021
Improper Authentication in Apache Airflow Moderate
CVE-2021-26697 was published for apache-airflow (pip) Jun 18, 2021
sunSUNQ
Automatic room upgrade handling can be used maliciously to bridge a room non-consentually Moderate
CVE-2021-32659 was published for matrix-appservice-bridge (npm) Jun 21, 2021
Missing Authentication for Critical Function Moderate
CVE-2021-32709 was published for shopware/platform (Composer) Jun 29, 2021
Missing Authentication for Critical Function in Saleor Moderate
CVE-2020-7964 was published for saleor (pip) Jul 28, 2021
Missing Authorization in Apache Airflow Moderate
CVE-2021-35936 was published for apache-airflow (pip) Aug 30, 2021
sunSUNQ
In setPackageStoppedState of PackageManagerService.java, there is a missing permission check.... Moderate Unreviewed
CVE-2021-1011 was published Dec 16, 2021
Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent... Moderate Unreviewed
CVE-2021-20152 was published Dec 31, 2021
Improper Access Control in Onionshare Moderate
CVE-2022-21691 was published for onionshare-cli (pip) Jan 21, 2022
Fresenius Kabi Agilia Link + version 3.0 has a default configuration page accessible without... Moderate Unreviewed
CVE-2021-33843 was published Jan 22, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on... Moderate Unreviewed
CVE-2021-34870 was published Jan 26, 2022
A specially crafted script could cause the DeltaV Distributed Control System Controllers (All... Moderate Unreviewed
CVE-2021-26264 was published Jan 29, 2022
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a... Moderate Unreviewed
CVE-2022-21816 was published Feb 8, 2022
Improper Authentication in Apache ActiveMQ Moderate
CVE-2020-13920 was published for org.apache.activemq:activemq-parent (Maven) Feb 9, 2022
sunSUNQ
In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have... Moderate Unreviewed
CVE-2022-24111 was published Feb 11, 2022
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow... Moderate Unreviewed
CVE-2022-22809 was published Feb 11, 2022
The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, may arbitrarily... Moderate Unreviewed
CVE-2022-0188 was published Feb 15, 2022
Denial of service in Grafana Moderate
CVE-2021-27358 was published for github.com/grafana/grafana (Go) Feb 15, 2022
A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13,... Moderate Unreviewed
CVE-2021-44261 was published Mar 18, 2022
In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not... Moderate Unreviewed
CVE-2021-46006 was published Apr 1, 2022
The software does not perform any authentication for critical system functionality. Moderate Unreviewed
CVE-2022-0922 was published Apr 3, 2022
Sensitive information can be obtained through the handling of serialized data. The issue results... Moderate Unreviewed
CVE-2020-14479 was published Apr 3, 2022
Unauthenticated user can list hidden document from multiple velocity templates in XWiki Moderate
CVE-2022-24820 was published for org.xwiki.platform:xwiki-platform-web (Maven) Apr 8, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database