Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,469 advisories

Loading
snipe-it is vulnerable to Improper Access Control Moderate
CVE-2021-4089 was published for snipe/snipe-it (Composer) Dec 16, 2021
In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass... High Unreviewed
CVE-2021-0922 was published Dec 16, 2021
In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to... High Unreviewed
CVE-2021-0923 was published Dec 16, 2021
In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user... High Unreviewed
CVE-2021-0926 was published Dec 16, 2021
In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to... High Unreviewed
CVE-2021-1017 was published Dec 16, 2021
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise... Critical Unreviewed
CVE-2021-36888 was published Dec 16, 2021
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and... High Unreviewed
CVE-2021-27857 was published Dec 16, 2021
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and... Moderate Unreviewed
CVE-2021-27858 was published Dec 16, 2021
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a... High Unreviewed
CVE-2021-27855 was published Dec 16, 2021
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an... Critical Unreviewed
CVE-2021-27856 was published Dec 16, 2021
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and... High Unreviewed
CVE-2021-27859 was published Dec 16, 2021
glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html... Moderate Unreviewed
CVE-2021-44937 was published Dec 15, 2021
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line... Critical Unreviewed
CVE-2021-45015 was published Dec 15, 2021
An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will... High Unreviewed
CVE-2021-41066 was published Dec 15, 2021
SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary... High Unreviewed
CVE-2021-44233 was published Dec 15, 2021
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5... Moderate Unreviewed
CVE-2021-20867 was published Dec 14, 2021
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5... Moderate Unreviewed
CVE-2021-20866 was published Dec 14, 2021
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5... High Unreviewed
CVE-2021-20865 was published Dec 14, 2021
The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation... Moderate Unreviewed
CVE-2021-24790 was published Dec 14, 2021
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local... Low Unreviewed
CVE-2021-25519 was published Dec 9, 2021
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require... High Unreviewed
CVE-2021-34543 was published Dec 8, 2021
The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in... High Unreviewed
CVE-2021-24914 was published Dec 7, 2021
Permissions not properly checked in Invenio-Drafts-Resources Moderate
CVE-2021-43781 was published for invenio-app-rdm (pip) Dec 6, 2021
lnielsen
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which... Moderate Unreviewed
CVE-2021-24842 was published Nov 30, 2021
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not... Critical Unreviewed
CVE-2021-24915 was published Nov 30, 2021
ProTip! Advisories are also available from the GraphQL API