Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

308 advisories

Loading
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link... Moderate Unreviewed
CVE-2017-15206 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic... Moderate Unreviewed
CVE-2017-15208 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions... Moderate Unreviewed
CVE-2017-15204 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a... Moderate Unreviewed
CVE-2017-15207 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a... Moderate Unreviewed
CVE-2017-15201 was published May 13, 2022
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly... Moderate Unreviewed
CVE-2022-4417 was published Jan 3, 2023
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference ... Moderate Unreviewed
CVE-2022-4340 was published Jan 3, 2023
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper... Moderate Unreviewed
CVE-2018-10211 was published May 13, 2022
onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive... Moderate Unreviewed
CVE-2022-27247 was published May 14, 2022
The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets... Moderate Unreviewed
CVE-2022-3511 was published Nov 28, 2022
The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check... Moderate Unreviewed
CVE-2022-3282 was published Oct 17, 2022
Users with Node Management rights were able to view and edit all nodes due to Insufficient... Moderate Unreviewed
CVE-2022-36966 was published Oct 21, 2022
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and... Moderate Unreviewed
CVE-2022-1425 was published May 17, 2022
usememos/memos Improper Access Control vulnerability Moderate
CVE-2022-4806 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos vulnerable to Improper Authorization Moderate
CVE-2022-4802 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos vulnerable to Comparison of Object References Instead of Object Contents Moderate
CVE-2022-4812 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Authentication vulnerability Moderate
CVE-2022-4799 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4798 was published for github.com/usememos/memos (Go) Dec 28, 2022
https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source... Moderate Unreviewed
CVE-2021-40579 was published Dec 29, 2021
Authorization Bypass Through User-Controlled Key in LiveHelperChat Moderate
CVE-2022-0266 was published for remdex/livehelperchat (Composer) Jan 21, 2022
The WP-Polls WordPress plugin before 2.76.0 prioritizes getting a visitor's IP from certain HTTP... Moderate Unreviewed
CVE-2022-1581 was published Nov 21, 2022
The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a... Moderate Unreviewed
CVE-2021-25096 was published Feb 8, 2022
Authorization Bypass Through User-Controlled Key in urijs Moderate
CVE-2022-0613 was published for urijs (npm) Feb 17, 2022
An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site... Moderate Unreviewed
CVE-2022-24979 was published Feb 20, 2022
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user... Moderate Unreviewed
CVE-2022-0442 was published Mar 8, 2022
ProTip! Advisories are also available from the GraphQL API