GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
296 advisories
Filter by severity
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference...
Moderate
Unreviewed
CVE-2021-36329
was published
Dec 1, 2021
https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source...
Moderate
Unreviewed
CVE-2021-40579
was published
Dec 29, 2021
The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a...
Moderate
Unreviewed
CVE-2021-25096
was published
Feb 8, 2022
Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2.
Moderate
Unreviewed
CVE-2021-3813
was published
Feb 10, 2022
An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site...
Moderate
Unreviewed
CVE-2022-24979
was published
Feb 20, 2022
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user...
Moderate
Unreviewed
CVE-2022-0442
was published
Mar 8, 2022
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access...
Moderate
Unreviewed
CVE-2022-26254
was published
Mar 28, 2022
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony...
Moderate
Unreviewed
CVE-2022-27108
was published
Apr 7, 2022
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an...
Moderate
Unreviewed
CVE-2022-29287
was published
Apr 17, 2022
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to...
Moderate
Unreviewed
CVE-2021-24800
was published
Apr 26, 2022
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to...
Moderate
Unreviewed
CVE-2022-1461
was published
Apr 26, 2022
In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although...
Moderate
Unreviewed
CVE-2022-23061
was published
May 3, 2022
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions...
Moderate
Unreviewed
CVE-2022-1352
was published
May 12, 2022
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network...
Moderate
Unreviewed
CVE-2019-9938
was published
May 13, 2022
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR)...
Moderate
Unreviewed
CVE-2018-15833
was published
May 13, 2022
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and...
Moderate
Unreviewed
CVE-2018-16606
was published
May 13, 2022
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR)...
Moderate
Unreviewed
CVE-2018-16971
was published
May 13, 2022
** DISPUTED ** BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that...
Moderate
Unreviewed
CVE-2018-20405
was published
May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before...
Moderate
Unreviewed
CVE-2019-9170
was published
May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before...
Moderate
Unreviewed
CVE-2019-9219
was published
May 13, 2022
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to...
Moderate
Unreviewed
CVE-2019-9921
was published
May 13, 2022
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User...
Moderate
Unreviewed
CVE-2017-0936
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a...
Moderate
Unreviewed
CVE-2017-15200
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a...
Moderate
Unreviewed
CVE-2017-15196
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a...
Moderate
Unreviewed
CVE-2017-15199
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API