GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,117
Composer 4,330
Erlang 31
GitHub Actions 21
Go 2,091
Maven 5,253
npm 3,756
NuGet 678
pip 3,443
Pub 12
RubyGems 892
Rust 882
Swift 37

Unreviewed advisories

All unreviewed 242,051

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

389 advisories

Filter by severity

Sort by

Least recently updated

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments... Moderate Unreviewed

CVE-2017-15209 was published May 13, 2022

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper... Moderate Unreviewed

CVE-2018-10211 was published May 13, 2022

onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive... Moderate Unreviewed

CVE-2022-27247 was published May 14, 2022

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and... Moderate Unreviewed

CVE-2022-1425 was published May 17, 2022

EC-CUBE vulnerable to authorization bypass Moderate

CVE-2014-0808 was published for ec-cube/ec-cube (Composer) May 17, 2022

Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0... Moderate Unreviewed

CVE-2022-29434 was published May 21, 2022

Publify has Improper Access Controls Moderate

CVE-2022-1810 was published for publify_core (RubyGems) May 24, 2022

An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before... Moderate Unreviewed

CVE-2018-18976 was published May 24, 2022

Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to... Moderate Unreviewed

CVE-2019-5966 was published May 24, 2022

Magento 2 Community Edition IDOR Vulnerability Moderate

CVE-2019-7864 was published for magento/community-edition (Composer) May 24, 2022

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed

CVE-2019-14245 was published May 24, 2022

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed

CVE-2019-14246 was published May 24, 2022

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed

CVE-2019-14721 was published May 24, 2022

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed

CVE-2019-14725 was published May 24, 2022

An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4.... Moderate Unreviewed

CVE-2019-17382 was published May 24, 2022

Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key... Moderate Unreviewed

CVE-2019-16340 was published May 24, 2022

Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin Moderate

CVE-2019-16546 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022

An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense ... Moderate Unreviewed

CVE-2019-19616 was published May 24, 2022

The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip... Moderate Unreviewed

CVE-2020-5194 was published May 24, 2022

An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and... Moderate Unreviewed

CVE-2019-15582 was published May 24, 2022

An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to... Moderate Unreviewed

CVE-2019-5466 was published May 24, 2022

Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4... Moderate Unreviewed

CVE-2019-18998 was published May 24, 2022

Atos Unify OpenScape UC Web Client 1.0 allows remote attackers to obtain sensitive information.... Moderate Unreviewed

CVE-2019-19866 was published May 24, 2022

An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex... Moderate Unreviewed

CVE-2020-9384 was published May 24, 2022

Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker... Moderate Unreviewed

CVE-2020-5743 was published May 24, 2022

Previous 1 2 3 4 5 … 15 16 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

389 advisories