Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+

373 advisories

Loading
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a... Moderate Unreviewed
CVE-2017-15207 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic... Moderate Unreviewed
CVE-2017-15208 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions... Moderate Unreviewed
CVE-2017-15204 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a... Moderate Unreviewed
CVE-2017-15195 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories... Moderate Unreviewed
CVE-2017-15203 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a... Moderate Unreviewed
CVE-2017-15202 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a... Moderate Unreviewed
CVE-2017-15196 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to... Moderate Unreviewed
CVE-2017-15197 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a... Moderate Unreviewed
CVE-2017-15201 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a... Moderate Unreviewed
CVE-2017-15200 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a... Moderate Unreviewed
CVE-2017-15199 was published May 13, 2022
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User... Moderate Unreviewed
CVE-2017-0936 was published May 13, 2022
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to... Moderate Unreviewed
CVE-2019-9921 was published May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before... Moderate Unreviewed
CVE-2019-9219 was published May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before... Moderate Unreviewed
CVE-2019-9170 was published May 13, 2022
** DISPUTED ** BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that... Moderate Unreviewed
CVE-2018-20405 was published May 13, 2022
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR)... Moderate Unreviewed
CVE-2018-16971 was published May 13, 2022
Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users Moderate
CVE-2018-16704 was published for gleez/cms (Composer) May 13, 2022
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and... Moderate Unreviewed
CVE-2018-16606 was published May 13, 2022
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR)... Moderate Unreviewed
CVE-2018-15833 was published May 13, 2022
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network... Moderate Unreviewed
CVE-2019-9938 was published May 13, 2022
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions... Moderate Unreviewed
CVE-2022-1352 was published May 12, 2022
In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although... Moderate Unreviewed
CVE-2022-23061 was published May 3, 2022
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to... Moderate Unreviewed
CVE-2022-1461 was published Apr 26, 2022
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to... Moderate Unreviewed
CVE-2021-24800 was published Apr 26, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database