GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,936
Maven
5,000+
npm
3,671
NuGet
642
pip
3,288
Pub
10
RubyGems
873
Rust
828
Swift
35
Unreviewed advisories
All unreviewed
5,000+
318 advisories
Filter by severity
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a...
Moderate
Unreviewed
CVE-2017-15195
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a...
Moderate
Unreviewed
CVE-2017-15196
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a...
Moderate
Unreviewed
CVE-2017-15201
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a...
Moderate
Unreviewed
CVE-2017-15200
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a...
Moderate
Unreviewed
CVE-2017-15199
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to...
Moderate
Unreviewed
CVE-2017-15197
was published
May 13, 2022
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User...
Moderate
Unreviewed
CVE-2017-0936
was published
May 13, 2022
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to...
Moderate
Unreviewed
CVE-2019-9921
was published
May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before...
Moderate
Unreviewed
CVE-2019-9219
was published
May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before...
Moderate
Unreviewed
CVE-2019-9170
was published
May 13, 2022
** DISPUTED ** BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that...
Moderate
Unreviewed
CVE-2018-20405
was published
May 13, 2022
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR)...
Moderate
Unreviewed
CVE-2018-16971
was published
May 13, 2022
Gleez CMS Vulnerability Allows Forced Browsing to Profile Page of Other Users
Moderate
CVE-2018-16704
was published
for
gleez/cms
(Composer)
May 13, 2022
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and...
Moderate
Unreviewed
CVE-2018-16606
was published
May 13, 2022
In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR)...
Moderate
Unreviewed
CVE-2018-15833
was published
May 13, 2022
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network...
Moderate
Unreviewed
CVE-2019-9938
was published
May 13, 2022
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions...
Moderate
Unreviewed
CVE-2022-1352
was published
May 12, 2022
In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although...
Moderate
Unreviewed
CVE-2022-23061
was published
May 3, 2022
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to...
Moderate
Unreviewed
CVE-2022-1461
was published
Apr 26, 2022
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to...
Moderate
Unreviewed
CVE-2021-24800
was published
Apr 26, 2022
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an...
Moderate
Unreviewed
CVE-2022-29287
was published
Apr 17, 2022
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony...
Moderate
Unreviewed
CVE-2022-27108
was published
Apr 7, 2022
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access...
Moderate
Unreviewed
CVE-2022-26254
was published
Mar 28, 2022
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user...
Moderate
Unreviewed
CVE-2022-0442
was published
Mar 8, 2022
Improper Authorization in dolibarr/dolibarr
Moderate
CVE-2022-0731
was published
for
dolibarr/dolibarr
(Composer)
Feb 24, 2022
ProTip!
Advisories are also available from the
GraphQL API