Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,941
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,952
npm
3,481
NuGet
605
pip
3,049
Pub
10
RubyGems
832
Rust
778
Swift
34
Unreviewed advisories
All unreviewed
5,000+

3,060 advisories

APM Java Agent Local Privilege Escalation High
CVE-2021-37941 was published for elastic-apm (pip) Dec 9, 2021
Thunderbird unexpectedly enabled JavaScript in the composition area. The JavaScript execution... Moderate Unreviewed
CVE-2021-43528 was published Dec 9, 2021
Improper Privilege Management in devise_masquerade High
CVE-2021-28680 was published for devise_masquerade (RubyGems) Dec 8, 2021
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 using... Critical Unreviewed
CVE-2021-42128 was published Dec 8, 2021
There is a Permissions,Privileges,and Access Controls vulnerability in Huawei Smartphone... High Unreviewed
CVE-2021-37091 was published Dec 8, 2021
Raspberry Pi OS through 5.10 has the raspberry default password for the pi account. If not... Critical Unreviewed
CVE-2021-38759 was published Dec 8, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. A world writable file... High Unreviewed
CVE-2021-43034 was published Dec 7, 2021
An issue was discovered in Kaseya Unitrends Backup Appliance before 10.5.5. The privileged... High Unreviewed
CVE-2021-43040 was published Dec 7, 2021
When a user has admin rights in Serv-U Console, the user can move, create and delete any files... Moderate Unreviewed
CVE-2021-35245 was published Dec 7, 2021
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could... High Unreviewed
CVE-2021-44019 was published Dec 4, 2021
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could... High Unreviewed
CVE-2021-44020 was published Dec 4, 2021
An unnecessary privilege vulnerability in Trend Micro Worry-Free Business Security 10.0 SP1 could... High Unreviewed
CVE-2021-44021 was published Dec 4, 2021
The AMDPowerProfiler.sys driver of AMD ?Prof tool may allow lower privileged users to access MSRs... Critical Unreviewed
CVE-2021-26334 was published Dec 2, 2021
Improper Privilege Management in Concrete CMS High
CVE-2021-22966 was published for concrete5/core (Composer) Nov 23, 2021
certain VT-d IOMMUs may not work in shared page table mode For efficiency reasons, address... High Unreviewed
CVE-2021-28710 was published Nov 22, 2021
Networking OS10, versions prior to October 2021 with RESTCONF API enabled, contains a privilege... High Unreviewed
CVE-2021-36307 was published Nov 21, 2021
An issue was discovered in Quagga through 1.2.4. Unsafe chown/chmod operations in the suggested... High Unreviewed
CVE-2021-44038 was published Nov 20, 2021
Insufficient security control vulnerability in internal database access mechanism of Hitachi... High Unreviewed
CVE-2021-35534 was published Nov 19, 2021
Improper privilege management in Keycloak High
CVE-2020-14389 was published for org.keycloak:keycloak-core (Maven) Nov 10, 2021
Hashicorp Vault Privilege Escalation Vulnerability Low
CVE-2021-41802 was published for github.com/hashicorp/vault (Go) Oct 12, 2021
TimelockController vulnerability in OpenZeppelin Contracts Critical
CVE-2021-39168 was published for @openzeppelin/contracts-upgradeable (npm) Aug 30, 2021
TimelockController vulnerability in OpenZeppelin Contracts Critical
CVE-2021-39167 was published for @openzeppelin/contracts (npm) Aug 30, 2021
Permissions bypass in pleaser High
CVE-2021-31155 was published for pleaser (Rust) Aug 25, 2021
michaelkedar
Privilege escalation via form generator High
CVE-2021-37627 was published for contao/contao (Composer) Aug 23, 2021
ausi
Privilege escalation: all users can access Admin-level API keys Moderate
CVE-2021-39192 was published for ghost (npm) Jul 22, 2021
zn9988
ProTip! Advisories are also available from the GraphQL API