GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,936
Maven
5,000+
npm
3,671
NuGet
642
pip
3,288
Pub
10
RubyGems
873
Rust
828
Swift
35
Unreviewed advisories
All unreviewed
5,000+
318 advisories
Filter by severity
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.
Moderate
CVE-2022-0691
was published
for
url-parse
(npm)
Feb 22, 2022
An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site...
Moderate
Unreviewed
CVE-2022-24979
was published
Feb 20, 2022
url-parse Incorrectly parses URLs that include an '@'
Moderate
CVE-2022-0639
was published
for
url-parse
(npm)
Feb 18, 2022
Authorization Bypass Through User-Controlled Key in urijs
Moderate
CVE-2022-0613
was published
for
urijs
(npm)
Feb 17, 2022
Authorization bypass in url-parse
Moderate
CVE-2022-0512
was published
for
url-parse
(npm)
Feb 15, 2022
Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2.
Moderate
Unreviewed
CVE-2021-3813
was published
Feb 10, 2022
The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a...
Moderate
Unreviewed
CVE-2021-25096
was published
Feb 8, 2022
Authorization Bypass Through User-Controlled Key in LiveHelperChat
Moderate
CVE-2022-0266
was published
for
remdex/livehelperchat
(Composer)
Jan 21, 2022
https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source...
Moderate
Unreviewed
CVE-2021-40579
was published
Dec 29, 2021
elgg is vulnerable to Authorization Bypass Through User-Controlled Key
Moderate
CVE-2021-3964
was published
for
elgg/elgg
(Composer)
Dec 3, 2021
kimai2 is vulnerable to Improper Access Control
Moderate
CVE-2021-3992
was published
for
kevinpapst/kimai2
(Composer)
Dec 3, 2021
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference...
Moderate
Unreviewed
CVE-2021-36329
was published
Dec 1, 2021
Password exposure in concrete5/core
Moderate
CVE-2021-22951
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Exposure of sensitive information in concrete5/core
Moderate
CVE-2021-22967
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Insecure direct object reference of log files of the Import/Export feature
Moderate
CVE-2021-37709
was published
for
shopware/core
(Composer)
Aug 30, 2021
Users can edit the tags of any discussion
Moderate
GHSA-32wx-4gxx-h48f
was published
for
flarum/tags
(Composer)
Jan 29, 2021
IDOR can reveal execution data and logs to unauthorized user in Rundeck
Moderate
CVE-2020-11009
was published
for
org.rundeck:rundeck
(Maven)
Apr 29, 2020
Authorization Bypass Through User-Controlled Key in Bagisto
Moderate
CVE-2019-16403
was published
for
bagisto/bagisto
(Composer)
Nov 8, 2019
ProTip!
Advisories are also available from the
GraphQL API