Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,266
Erlang
31
GitHub Actions
21
Go
2,041
Maven
5,000+
npm
3,733
NuGet
662
pip
3,414
Pub
12
RubyGems
891
Rust
866
Swift
36
Unreviewed advisories
All unreviewed
5,000+

645 advisories

Loading
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to... High Unreviewed
CVE-2019-14932 was published May 24, 2022
Magento 2 Community Edition Access Control Bypass High
CVE-2019-7950 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition IDOR Vulnerability High
CVE-2019-7890 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition IDOR Vulnerability Moderate
CVE-2019-7864 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition IDOR Vulnerability High
CVE-2019-7854 was published for magento/community-edition (Composer) May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass... Critical Unreviewed
CVE-2019-13360 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can... High Unreviewed
CVE-2019-13605 was published May 24, 2022
In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL... High Unreviewed
CVE-2019-13337 was published May 24, 2022
An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 ... High Unreviewed
CVE-2019-12782 was published May 24, 2022
Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to... Moderate Unreviewed
CVE-2019-5966 was published May 24, 2022
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was... Critical Unreviewed
CVE-2019-12866 was published May 24, 2022
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account,... High Unreviewed
CVE-2019-12742 was published May 24, 2022
An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before... Moderate Unreviewed
CVE-2018-18976 was published May 24, 2022
Publify has Improper Access Controls Moderate
CVE-2022-1810 was published for publify_core (RubyGems) May 24, 2022
Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0... Moderate Unreviewed
CVE-2022-29434 was published May 21, 2022
EC-CUBE vulnerable to authorization bypass Moderate
CVE-2014-0808 was published for ec-cube/ec-cube (Composer) May 17, 2022
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and... Moderate Unreviewed
CVE-2022-1425 was published May 17, 2022
onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive... Moderate Unreviewed
CVE-2022-27247 was published May 14, 2022
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the... High Unreviewed
CVE-2018-16608 was published May 13, 2022
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper... Moderate Unreviewed
CVE-2018-10211 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link... Moderate Unreviewed
CVE-2017-15206 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments... Moderate Unreviewed
CVE-2017-15209 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link... Moderate Unreviewed
CVE-2017-15211 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a... Moderate Unreviewed
CVE-2017-15207 was published May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic... Moderate Unreviewed
CVE-2017-15208 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database