Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

308 advisories

Loading
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments... Moderate Unreviewed
CVE-2017-15209 was published May 13, 2022
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper... Moderate Unreviewed
CVE-2018-10211 was published May 13, 2022
onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive... Moderate Unreviewed
CVE-2022-27247 was published May 14, 2022
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and... Moderate Unreviewed
CVE-2022-1425 was published May 17, 2022
EC-CUBE vulnerable to authorization bypass Moderate
CVE-2014-0808 was published for ec-cube/ec-cube (Composer) May 17, 2022
Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0... Moderate Unreviewed
CVE-2022-29434 was published May 21, 2022
Publify has Improper Access Controls Moderate
CVE-2022-1810 was published for publify_core (RubyGems) May 24, 2022
An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before... Moderate Unreviewed
CVE-2018-18976 was published May 24, 2022
Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to... Moderate Unreviewed
CVE-2019-5966 was published May 24, 2022
Magento 2 Community Edition IDOR Vulnerability Moderate
CVE-2019-7864 was published for magento/community-edition (Composer) May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed
CVE-2019-14245 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed
CVE-2019-14246 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed
CVE-2019-14721 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed
CVE-2019-14725 was published May 24, 2022
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4.... Moderate Unreviewed
CVE-2019-17382 was published May 24, 2022
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key... Moderate Unreviewed
CVE-2019-16340 was published May 24, 2022
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin Moderate
CVE-2019-16546 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense ... Moderate Unreviewed
CVE-2019-19616 was published May 24, 2022
The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip... Moderate Unreviewed
CVE-2020-5194 was published May 24, 2022
An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and... Moderate Unreviewed
CVE-2019-15582 was published May 24, 2022
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to... Moderate Unreviewed
CVE-2019-5466 was published May 24, 2022
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4... Moderate Unreviewed
CVE-2019-18998 was published May 24, 2022
Atos Unify OpenScape UC Web Client 1.0 allows remote attackers to obtain sensitive information.... Moderate Unreviewed
CVE-2019-19866 was published May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex... Moderate Unreviewed
CVE-2020-9384 was published May 24, 2022
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker... Moderate Unreviewed
CVE-2020-5743 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API