Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,245
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

74 advisories

Loading
Bypass of fix for CVE-2020-15247, Twig sandbox escape Low
CVE-2020-26231 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
Key Caching behavior in the DynamoDB Encryption Client. Low
GHSA-w736-hf9p-qqh3 was published for com.amazonaws:aws-dynamodb-encryption-java (Maven) Feb 8, 2021
Key Caching behavior in the DynamoDB Encryption Client. Low
GHSA-4ph2-8337-hm62 was published for dynamodb-encryption-sdk (pip) Feb 8, 2021
Generation of fake documents via public GET-call Low
GHSA-jvg4-9rc2-wvcr was published for shopware/platform (Composer) Feb 10, 2021
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local... Low Unreviewed
CVE-2021-25519 was published Dec 9, 2021
The Ibtana WordPress plugin before 1.1.4.9 does not have authorisation and CSRF checks in the... Low Unreviewed
CVE-2021-25014 was published Feb 15, 2022
The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has... Low Unreviewed
CVE-2021-25075 was published Feb 22, 2022
Renderers can obtain access to random bluetooth device without permission in Electron Low
CVE-2022-21718 was published for electron (npm) Mar 22, 2022
PalmerAL
The AliasHandler component in PostfixAdmin before 3.0.2 allows remote authenticated domain admins... Low Unreviewed
CVE-2017-5930 was published May 13, 2022
The KEYS subsystem in the Linux kernel before 4.14.6 omitted an access-control check when adding... Low Unreviewed
CVE-2017-17807 was published May 13, 2022
lxc-user-nic in Linux Containers (LXC) allows local users with a lxc-usernet allocation to create... Low Unreviewed
CVE-2017-5985 was published May 13, 2022
In SyncStatusObserver, there is a possible bypass for operating system protections that isolate... Low Unreviewed
CVE-2019-9351 was published May 24, 2022
In FingerprintService, there is a possible bypass for operating system protections that isolate... Low Unreviewed
CVE-2019-9377 was published May 24, 2022
base_sock_create in drivers/isdn/mISDN/socket.c in the AF_ISDN network module in the Linux kernel... Low Unreviewed
CVE-2019-17055 was published May 24, 2022
A flaw was discovered in ibus that allows any unprivileged user to monitor and send method calls... Low Unreviewed
CVE-2019-14822 was published May 24, 2022
The issue was addressed with improved permissions logic. This issue is fixed in iTunes for... Low Unreviewed
CVE-2020-3861 was published May 24, 2022
A logic issue was addressed with improved state management. This issue is fixed in iOS 13.4 and... Low Unreviewed
CVE-2020-3891 was published May 24, 2022
Zoom Client for Meetings through 4.6.8 on macOS has the disable-library-validation entitlement,... Low Unreviewed
CVE-2020-11470 was published May 24, 2022
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. There is... Low Unreviewed
CVE-2020-11601 was published May 24, 2022
An information disclosure vulnerability exists when Windows Mobile Device Management (MDM)... Low Unreviewed
CVE-2020-0989 was published May 24, 2022
Telegram Desktop through 2.4.3 does not require passcode entry upon pushing the Export key within... Low Unreviewed
CVE-2020-25824 was published May 24, 2022
The issue was addressed with improved validation when an iCloud Link is created. This issue is... Low Unreviewed
CVE-2019-8857 was published May 24, 2022
In JetBrains Code With Me before 2020.3, an attacker on the local network, knowing a session ID,... Low Unreviewed
CVE-2021-25755 was published May 24, 2022
Clustered Data ONTAP versions prior to 9.3P21, 9.5P16, 9.6P12, 9.7P8 and 9.8 are susceptible to a... Low Unreviewed
CVE-2021-26988 was published May 24, 2022
A lock screen issue allowed access to contacts on a locked device. This issue was addressed with... Low Unreviewed
CVE-2021-1755 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API