Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+

61 advisories

Loading
Easy!Appointments Improper Access Control vulnerability Moderate
CVE-2023-3700 was published for alextselegidis/easyappointments (Composer) Jul 17, 2023
Go package pydio/cells vulnerable to authorization bypass Moderate
CVE-2023-2978 was published for github.com/pydio/cells (Go) May 30, 2023
Moodle may allow authenticated users to enumerate other user's names via learning plans page Moderate
CVE-2023-28334 was published for moodle/moodle (Composer) Mar 23, 2023
Authorization Bypass Through User-Controlled Key play-with-docker Moderate
CVE-2023-28109 was published for github.com/play-with-docker/play-with-docker (Go) Mar 17, 2023
cokeBeer
Improper Authorization in nilsteampassnet/teampass Moderate
CVE-2023-1463 was published for nilsteampassnet/teampass (Composer) Mar 17, 2023
Moodle has Incorrect Default Permissions Moderate
CVE-2021-36400 was published for moodle/moodle (Composer) Mar 7, 2023
usememos/memos Improper Access Control vulnerability Moderate
CVE-2022-4806 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4811 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos vulnerable to Comparison of Object References Instead of Object Contents Moderate
CVE-2022-4812 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4798 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos Improper Authentication vulnerability Moderate
CVE-2022-4799 was published for github.com/usememos/memos (Go) Dec 28, 2022
usememos/memos vulnerable to Improper Authorization Moderate
CVE-2022-4802 was published for github.com/usememos/memos (Go) Dec 28, 2022
Authorization Bypass in Liferay Portal Moderate
CVE-2022-42129 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
Known v1.3.1 contains Insecure Direct Object Reference Moderate
CVE-2022-30852 was published for idno/known (Composer) Jul 9, 2022
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator Moderate
CVE-2022-31027 was published for oauthenticator (pip) Jun 6, 2022
GeorgianaElena yuvipanda
JetPack Exposure of Resource to Wrong Sphere Moderate
CVE-2021-24374 was published for automattic/jetpack (Composer) May 24, 2022
Magento Insecure Direct Object Reference (IDOR) in the product module Moderate
CVE-2021-21022 was published for magento/community-edition (Composer) May 24, 2022
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin Moderate
CVE-2019-16546 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022
Magento 2 Community Edition IDOR Vulnerability Moderate
CVE-2019-7864 was published for magento/community-edition (Composer) May 24, 2022
Publify has Improper Access Controls Moderate
CVE-2022-1810 was published for publify_core (RubyGems) May 24, 2022
EC-CUBE vulnerable to authorization bypass Moderate
CVE-2014-0808 was published for ec-cube/ec-cube (Composer) May 17, 2022
Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users Moderate
CVE-2018-16704 was published for gleez/cms (Composer) May 13, 2022
Improper Authorization in dolibarr/dolibarr Moderate
CVE-2022-0731 was published for dolibarr/dolibarr (Composer) Feb 24, 2022
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters. Moderate
CVE-2022-0691 was published for url-parse (npm) Feb 22, 2022
jhutchings1 Kenny2github
y-yagi Haxatron
url-parse Incorrectly parses URLs that include an '@' Moderate
CVE-2022-0639 was published for url-parse (npm) Feb 18, 2022
Haxatron
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database