GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
463 advisories
Filter by severity
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a...
Moderate
Unreviewed
CVE-2017-15196
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to...
Moderate
Unreviewed
CVE-2017-15197
was published
May 13, 2022
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User...
Moderate
Unreviewed
CVE-2017-0936
was published
May 13, 2022
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to...
Moderate
Unreviewed
CVE-2019-9921
was published
May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and...
Critical
Unreviewed
CVE-2019-9756
was published
May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before...
Moderate
Unreviewed
CVE-2019-9219
was published
May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before...
Moderate
Unreviewed
CVE-2019-9170
was published
May 13, 2022
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint...
Critical
Unreviewed
CVE-2019-6716
was published
May 13, 2022
** DISPUTED ** BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that...
Moderate
Unreviewed
CVE-2018-20405
was published
May 13, 2022
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR)...
Moderate
Unreviewed
CVE-2018-16971
was published
May 13, 2022
Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users
Moderate
CVE-2018-16704
was published
for
gleez/cms
(Composer)
May 13, 2022
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and...
Moderate
Unreviewed
CVE-2018-16606
was published
May 13, 2022
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR)...
Moderate
Unreviewed
CVE-2018-15833
was published
May 13, 2022
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network...
Moderate
Unreviewed
CVE-2019-9938
was published
May 13, 2022
An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass...
High
Unreviewed
CVE-2022-29008
was published
May 12, 2022
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions...
Moderate
Unreviewed
CVE-2022-1352
was published
May 12, 2022
LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure...
High
Unreviewed
CVE-2022-28986
was published
May 11, 2022
In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although...
Moderate
Unreviewed
CVE-2022-23061
was published
May 3, 2022
Keycloak vulnerable to privilege escalation on Token Exchange feature
Critical
CVE-2022-1245
was published
for
org.keycloak:keycloak-services
(Maven)
Apr 26, 2022
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to...
Moderate
Unreviewed
CVE-2022-1461
was published
Apr 26, 2022
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6...
High
Unreviewed
CVE-2022-1459
was published
Apr 26, 2022
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to...
Moderate
Unreviewed
CVE-2021-24800
was published
Apr 26, 2022
An Insecure Direct Object Reference issue exists in the Tyler Odyssey platform before 17.1.20....
High
Unreviewed
CVE-2022-26665
was published
Apr 19, 2022
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an...
Moderate
Unreviewed
CVE-2022-29287
was published
Apr 17, 2022
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control...
High
Unreviewed
CVE-2022-22190
was published
Apr 15, 2022
ProTip!
Advisories are also available from the
GraphQL API