Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

60 advisories

Loading
Authorization Bypass Through User-Controlled Key in Bagisto Moderate
CVE-2019-16403 was published for bagisto/bagisto (Composer) Nov 8, 2019
IDOR can reveal execution data and logs to unauthorized user in Rundeck Moderate
CVE-2020-11009 was published for org.rundeck:rundeck (Maven) Apr 29, 2020
Users can edit the tags of any discussion Moderate
GHSA-32wx-4gxx-h48f was published for flarum/tags (Composer) Jan 29, 2021
LianSheng197 SychO9
Insecure direct object reference of log files of the Import/Export feature Moderate
CVE-2021-37709 was published for shopware/core (Composer) Aug 30, 2021
Exposure of sensitive information in concrete5/core Moderate
CVE-2021-22967 was published for concrete5/core (Composer) Nov 23, 2021
Password exposure in concrete5/core Moderate
CVE-2021-22951 was published for concrete5/core (Composer) Nov 23, 2021
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
elgg is vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2021-3964 was published for elgg/elgg (Composer) Dec 3, 2021
Authorization Bypass Through User-Controlled Key in LiveHelperChat Moderate
CVE-2022-0266 was published for remdex/livehelperchat (Composer) Jan 21, 2022
Authorization bypass in url-parse Moderate
CVE-2022-0512 was published for url-parse (npm) Feb 15, 2022
Authorization Bypass Through User-Controlled Key in urijs Moderate
CVE-2022-0613 was published for urijs (npm) Feb 17, 2022
url-parse Incorrectly parses URLs that include an '@' Moderate
CVE-2022-0639 was published for url-parse (npm) Feb 18, 2022
Haxatron
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters. Moderate
CVE-2022-0691 was published for url-parse (npm) Feb 22, 2022
jhutchings1 Kenny2github
y-yagi Haxatron
Improper Authorization in dolibarr/dolibarr Moderate
CVE-2022-0731 was published for dolibarr/dolibarr (Composer) Feb 24, 2022
Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users Moderate
CVE-2018-16704 was published for gleez/cms (Composer) May 13, 2022
EC-CUBE vulnerable to authorization bypass Moderate
CVE-2014-0808 was published for ec-cube/ec-cube (Composer) May 17, 2022
Publify has Improper Access Controls Moderate
CVE-2022-1810 was published for publify_core (RubyGems) May 24, 2022
Magento 2 Community Edition IDOR Vulnerability Moderate
CVE-2019-7864 was published for magento/community-edition (Composer) May 24, 2022
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin Moderate
CVE-2019-16546 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022
Magento Insecure Direct Object Reference (IDOR) in the product module Moderate
CVE-2021-21022 was published for magento/community-edition (Composer) May 24, 2022
JetPack Exposure of Resource to Wrong Sphere Moderate
CVE-2021-24374 was published for automattic/jetpack (Composer) May 24, 2022
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator Moderate
CVE-2022-31027 was published for oauthenticator (pip) Jun 6, 2022
GeorgianaElena yuvipanda
Known v1.3.1 contains Insecure Direct Object Reference Moderate
CVE-2022-30852 was published for idno/known (Composer) Jul 9, 2022
Authorization Bypass in Liferay Portal Moderate
CVE-2022-42129 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
usememos/memos Improper Authorization vulnerability Moderate
CVE-2022-4798 was published for github.com/usememos/memos (Go) Dec 28, 2022
ProTip! Advisories are also available from the GraphQL API