Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,948
Maven
5,000+
npm
5,000+
NuGet
969
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,383
Swift
56
Unreviewed advisories
All unreviewed
5,000+

1,473 advisories

Loading
Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object... Moderate Unreviewed
CVE-2022-42067 was published Oct 14, 2022
WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted... High Unreviewed
CVE-2022-36539 was published Sep 8, 2022
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin Moderate
CVE-2019-16546 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022
The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as... High Unreviewed
CVE-2022-3846 was published Dec 5, 2022
The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing... Moderate Unreviewed
CVE-2022-4097 was published Dec 12, 2022
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to... Moderate Unreviewed
CVE-2019-9921 was published May 13, 2022
In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although... Moderate Unreviewed
CVE-2022-23061 was published May 3, 2022
LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure... High Unreviewed
CVE-2022-28986 was published May 11, 2022
An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0... Moderate Unreviewed
CVE-2022-2499 was published Aug 6, 2022
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to... High Unreviewed
CVE-2022-2367 was published Aug 9, 2022
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions... Moderate Unreviewed
CVE-2022-1352 was published May 12, 2022
Authorization Bypass Through User-Controlled Key in Bagisto Moderate
CVE-2019-16403 was published for bagisto/bagisto (Composer) Nov 8, 2019
Machine-In-The-Middle in lix High
CVE-2020-10800 was published for lix (npm) Apr 16, 2020
IDOR can reveal execution data and logs to unauthorized user in Rundeck Moderate
CVE-2020-11009 was published for org.rundeck:rundeck (Maven) Apr 29, 2020
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network... Moderate Unreviewed
CVE-2019-9938 was published May 13, 2022
Authorization Bypass in Liferay Portal Moderate
CVE-2022-42129 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in... Moderate Unreviewed
CVE-2022-44005 was published Nov 17, 2022
An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4... Moderate Unreviewed
CVE-2022-39945 was published Nov 2, 2022
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and... Moderate Unreviewed
CVE-2018-16606 was published May 13, 2022
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR)... Moderate Unreviewed
CVE-2018-15833 was published May 13, 2022
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR)... Moderate Unreviewed
CVE-2018-16971 was published May 13, 2022
** DISPUTED ** BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that... Moderate Unreviewed
CVE-2018-20405 was published May 13, 2022
Password exposure in concrete5/core Moderate
CVE-2021-22951 was published for concrete5/core (Composer) Nov 23, 2021
Insecure direct object reference of log files of the Import/Export feature Moderate
CVE-2021-37709 was published for shopware/core (Composer) Aug 30, 2021
Exposure of sensitive information in concrete5/core Moderate
CVE-2021-22967 was published for concrete5/core (Composer) Nov 23, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database