Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,273
Erlang
31
GitHub Actions
21
Go
2,055
Maven
5,000+
npm
3,739
NuGet
668
pip
3,417
Pub
12
RubyGems
891
Rust
872
Swift
36
Unreviewed advisories
All unreviewed
5,000+

257 advisories

Loading
The Conexus telemetry protocol utilized within Medtronic MyCareLink Monitor versions 24950 and... Moderate Unreviewed
CVE-2019-6538 was published May 13, 2022
The web management interface in Siemens RuggedCom ROS before 3.11, ROS 3.11 before 3.11.5 for... Moderate Unreviewed
CVE-2014-2590 was published May 13, 2022
The Popup by Supsystic WordPress plugin before 1.10.9 does not have any authentication and... Moderate Unreviewed
CVE-2022-0424 was published May 10, 2022
On all versions 1.3.x (fixed in 1.4.0) NGINX Service Mesh control plane endpoints are exposed to... Moderate Unreviewed
CVE-2022-27495 was published May 6, 2022
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in... Moderate Unreviewed
CVE-2012-2736 was published Apr 23, 2022
The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry... Moderate Unreviewed
CVE-2022-0140 was published Apr 13, 2022
Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging.... Moderate Unreviewed
CVE-2022-0878 was published Apr 13, 2022
Unauthenticated user can list hidden document from multiple velocity templates in XWiki Moderate
CVE-2022-24820 was published for org.xwiki.platform:xwiki-platform-web (Maven) Apr 8, 2022
Sensitive information can be obtained through the handling of serialized data. The issue results... Moderate Unreviewed
CVE-2020-14479 was published Apr 3, 2022
The software does not perform any authentication for critical system functionality. Moderate Unreviewed
CVE-2022-0922 was published Apr 3, 2022
In Totolink A3100R V5.9c.4577, "test.asp" contains an API-like function, which is not... Moderate Unreviewed
CVE-2021-46006 was published Apr 1, 2022
A vulnerability is in the 'BRS_top.html' page of the Netgear W104, version WAC104-V1.0.4.13,... Moderate Unreviewed
CVE-2021-44261 was published Mar 18, 2022
Denial of service in Grafana Moderate
CVE-2021-27358 was published for github.com/grafana/grafana (Go) Feb 15, 2022
The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, may arbitrarily... Moderate Unreviewed
CVE-2022-0188 was published Feb 15, 2022
A CWE-306: Missing Authentication for Critical Function vulnerability exists that could allow... Moderate Unreviewed
CVE-2022-22809 was published Feb 11, 2022
In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have... Moderate Unreviewed
CVE-2022-24111 was published Feb 11, 2022
Improper Authentication in Apache ActiveMQ Moderate
CVE-2020-13920 was published for org.apache.activemq:activemq-parent (Maven) Feb 9, 2022
sunSUNQ
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (nvidia.ko), where a... Moderate Unreviewed
CVE-2022-21816 was published Feb 8, 2022
A specially crafted script could cause the DeltaV Distributed Control System Controllers (All... Moderate Unreviewed
CVE-2021-26264 was published Jan 29, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on... Moderate Unreviewed
CVE-2021-34870 was published Jan 26, 2022
Fresenius Kabi Agilia Link + version 3.0 has a default configuration page accessible without... Moderate Unreviewed
CVE-2021-33843 was published Jan 22, 2022
Improper Access Control in Onionshare Moderate
CVE-2022-21691 was published for onionshare-cli (pip) Jan 21, 2022
Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent... Moderate Unreviewed
CVE-2021-20152 was published Dec 31, 2021
In setPackageStoppedState of PackageManagerService.java, there is a missing permission check.... Moderate Unreviewed
CVE-2021-1011 was published Dec 16, 2021
Missing Authorization in Apache Airflow Moderate
CVE-2021-35936 was published for apache-airflow (pip) Aug 30, 2021
sunSUNQ
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database