Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,948
Maven
5,000+
npm
5,000+
NuGet
969
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,383
Swift
56
Unreviewed advisories
All unreviewed
5,000+

460 advisories

Loading
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when... High Unreviewed
CVE-2021-21013 was published May 24, 2022
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when... High Unreviewed
CVE-2021-21012 was published May 24, 2022
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code... High Unreviewed
CVE-2019-15310 was published May 24, 2022
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation High
CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022
MarkLee131 Credited to MarkLee131
Mattermost Server has intermittent Authorization bypass for resource-owners High
CVE-2017-18894 was published for github.com/mattermost/mattermost-server (Go) May 24, 2022
An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin... High Unreviewed
CVE-2019-17050 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... High Unreviewed
CVE-2019-14724 was published May 24, 2022
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to... High Unreviewed
CVE-2019-14932 was published May 24, 2022
Magento 2 Community Edition Access Control Bypass High
CVE-2019-7950 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition IDOR Vulnerability High
CVE-2019-7890 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition IDOR Vulnerability High
CVE-2019-7854 was published for magento/community-edition (Composer) May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can... High Unreviewed
CVE-2019-13605 was published May 24, 2022
In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL... High Unreviewed
CVE-2019-13337 was published May 24, 2022
An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 ... High Unreviewed
CVE-2019-12782 was published May 24, 2022
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account,... High Unreviewed
CVE-2019-12742 was published May 24, 2022
Apache Ranger allows users to bypass intended access restrictions via direct access to module URLs High
CVE-2015-0266 was published for org.apache.ranger:ranger (Maven) May 17, 2022
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the... High Unreviewed
CVE-2018-16608 was published May 13, 2022
An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass... High Unreviewed
CVE-2022-29008 was published May 12, 2022
LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure... High Unreviewed
CVE-2022-28986 was published May 11, 2022
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6... High Unreviewed
CVE-2022-1459 was published Apr 26, 2022
An Insecure Direct Object Reference issue exists in the Tyler Odyssey platform before 17.1.20.... High Unreviewed
CVE-2022-26665 was published Apr 19, 2022
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control... High Unreviewed
CVE-2022-22190 was published Apr 15, 2022
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to... High Unreviewed
CVE-2021-46416 was published Apr 8, 2022
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files... High Unreviewed
CVE-2021-43957 was published Mar 17, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any... High Unreviewed
CVE-2022-25471 was published Mar 4, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database