Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

542 advisories

Loading
Authorization Bypass in Liferay Portal Moderate
CVE-2022-42129 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in... Moderate Unreviewed
CVE-2022-44005 was published Nov 17, 2022
An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4... Moderate Unreviewed
CVE-2022-39945 was published Nov 2, 2022
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and... Moderate Unreviewed
CVE-2018-16606 was published May 13, 2022
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR)... Moderate Unreviewed
CVE-2018-15833 was published May 13, 2022
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR)... Moderate Unreviewed
CVE-2018-16971 was published May 13, 2022
** DISPUTED ** BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that... Moderate Unreviewed
CVE-2018-20405 was published May 13, 2022
Password exposure in concrete5/core Moderate
CVE-2021-22951 was published for concrete5/core (Composer) Nov 23, 2021
Insecure direct object reference of log files of the Import/Export feature Moderate
CVE-2021-37709 was published for shopware/core (Composer) Aug 30, 2021
Exposure of sensitive information in concrete5/core Moderate
CVE-2021-22967 was published for concrete5/core (Composer) Nov 23, 2021
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference... Moderate Unreviewed
CVE-2021-36329 was published Dec 1, 2021
elgg is vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2021-3964 was published for elgg/elgg (Composer) Dec 3, 2021
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed
CVE-2019-14725 was published May 24, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before... Moderate Unreviewed
CVE-2019-9170 was published May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and... Critical Unreviewed
CVE-2019-9756 was published May 13, 2022
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint... Critical Unreviewed
CVE-2019-6716 was published May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before... Moderate Unreviewed
CVE-2019-9219 was published May 13, 2022
An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6... Moderate Unreviewed
CVE-2022-3331 was published Oct 17, 2022
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User... Moderate Unreviewed
CVE-2017-0936 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to... Moderate Unreviewed
CVE-2017-15197 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link... Moderate Unreviewed
CVE-2017-15211 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a... Moderate Unreviewed
CVE-2017-15200 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a... Moderate Unreviewed
CVE-2017-15196 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a... Moderate Unreviewed
CVE-2017-15195 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a... Moderate Unreviewed
CVE-2017-15199 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API