Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

269 advisories

Loading
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object... Moderate Unreviewed
CVE-2022-45175 was published Apr 14, 2023
Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view... Moderate Unreviewed
CVE-2023-0967 was published Apr 5, 2023
The listed versions of Nexx Smart Home devices lack proper access control when executing actions.... Moderate Unreviewed
CVE-2023-1749 was published Apr 4, 2023
The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to... Moderate Unreviewed
CVE-2023-0816 was published Mar 27, 2023
WisdomGarden Tronclass has improper access control when uploading file. An authenticated remote... Moderate Unreviewed
CVE-2023-24834 was published Mar 27, 2023
Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an... Moderate Unreviewed
CVE-2023-24625 was published Mar 24, 2023
Moodle may allow authenticated users to enumerate other user's names via learning plans page Moderate
CVE-2023-28334 was published for moodle/moodle (Composer) Mar 23, 2023
Authorization Bypass Through User-Controlled Key play-with-docker Moderate
CVE-2023-28109 was published for github.com/play-with-docker/play-with-docker (Go) Mar 17, 2023
cokeBeer
Improper Authorization in nilsteampassnet/teampass Moderate
CVE-2023-1463 was published for nilsteampassnet/teampass (Composer) Mar 17, 2023
The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the... Moderate Unreviewed
CVE-2023-0772 was published Mar 13, 2023
The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via... Moderate Unreviewed
CVE-2023-0749 was published Mar 13, 2023
Moodle has Incorrect Default Permissions Moderate
CVE-2021-36400 was published for moodle/moodle (Composer) Mar 7, 2023
The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin)... Moderate Unreviewed
CVE-2023-0453 was published Feb 21, 2023
The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an... Moderate Unreviewed
CVE-2022-3891 was published Feb 13, 2023
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference... Moderate Unreviewed
CVE-2023-0550 was published Jan 27, 2023
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the... Moderate Unreviewed
CVE-2021-36539 was published Jan 26, 2023
The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference ... Moderate Unreviewed
CVE-2022-4340 was published Jan 3, 2023
The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly... Moderate Unreviewed
CVE-2022-4417 was published Jan 3, 2023
usememos/memos vulnerable to Comparison of Object References Instead of Object Contents Moderate
CVE-2022-4812 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Access Control vulnerability Moderate
CVE-2022-4806 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4811 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Authentication vulnerability Moderate
CVE-2022-4799 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4798 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos vulnerable to Improper Authorization Moderate
CVE-2022-4802 was published for github.com/usememos/memos (Go) Dec 28, 2022
The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the... Moderate Unreviewed
CVE-2022-4239 was published Dec 26, 2022
ProTip! Advisories are also available from the GraphQL API