GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,752
Maven: 4,982
npm: 3,516
NuGet: 609
pip: 3,090
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories
All unreviewed: 5,000+
269 advisories
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object...
Moderate | Unreviewed | CVE-2022-45175 was published Apr 14, 2023

Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view...
Moderate | Unreviewed | CVE-2023-0967 was published Apr 5, 2023

The listed versions of Nexx Smart Home devices lack proper access control when executing actions....
Moderate | Unreviewed | CVE-2023-1749 was published Apr 4, 2023

The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to...
Moderate | Unreviewed | CVE-2023-0816 was published Mar 27, 2023

WisdomGarden Tronclass has improper access control when uploading file. An authenticated remote...
Moderate | Unreviewed | CVE-2023-24834 was published Mar 27, 2023

Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an...
Moderate | Unreviewed | CVE-2023-24625 was published Mar 24, 2023

Moodle may allow authenticated users to enumerate other user's names via learning plans page
Moderate | CVE-2023-28334 was published for moodle/moodle (Composer) Mar 23, 2023

Authorization Bypass Through User-Controlled Key play-with-docker
Moderate | CVE-2023-28109 was published for github.com/play-with-docker/play-with-docker (Go) Mar 17, 2023

Improper Authorization in nilsteampassnet/teampass
Moderate | CVE-2023-1463 was published for nilsteampassnet/teampass (Composer) Mar 17, 2023

The Popup Builder by OptinMonster WordPress plugin before 2.12.2 does not ensure that the...
Moderate | Unreviewed | CVE-2023-0772 was published Mar 13, 2023

The Ocean Extra WordPress plugin before 2.1.3 does not ensure that the template to be loaded via...
Moderate | Unreviewed | CVE-2023-0749 was published Mar 13, 2023

Moodle has Incorrect Default Permissions
Moderate | CVE-2021-36400 was published for moodle/moodle (Composer) Mar 7, 2023

The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin)...
Moderate | Unreviewed | CVE-2023-0453 was published Feb 21, 2023

The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an...
Moderate | Unreviewed | CVE-2022-3891 was published Feb 13, 2023

The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference...
Moderate | Unreviewed | CVE-2023-0550 was published Jan 27, 2023

Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the...
Moderate | Unreviewed | CVE-2021-36539 was published Jan 26, 2023

The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference ...
Moderate | Unreviewed | CVE-2022-4340 was published Jan 3, 2023

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly...
Moderate | Unreviewed | CVE-2022-4417 was published Jan 3, 2023

usememos/memos vulnerable to Comparison of Object References Instead of Object Contents
Moderate | CVE-2022-4812 was published for github.com/usememos/memos (Go) Dec 28, 2022

usememos/memos Improper Access Control vulnerability
Moderate | CVE-2022-4806 was published for github.com/usememos/memos (Go) Dec 28, 2022

usememos/memos Improper Authorization vulnerability
Moderate | CVE-2022-4811 was published for github.com/usememos/memos (Go) Dec 28, 2022

usememos/memos Improper Authentication vulnerability
Moderate | CVE-2022-4799 was published for github.com/usememos/memos (Go) Dec 28, 2022

usememos/memos Improper Authorization vulnerability
Moderate | CVE-2022-4798 was published for github.com/usememos/memos (Go) Dec 28, 2022

usememos/memos vulnerable to Improper Authorization
Moderate | CVE-2022-4802 was published for github.com/usememos/memos (Go) Dec 28, 2022

The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the...
Moderate | Unreviewed | CVE-2022-4239 was published Dec 26, 2022
ProTip! Advisories are also available from the GraphQL API.