GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,936
Maven
5,000+
npm
3,671
NuGet
642
pip
3,288
Pub
10
RubyGems
873
Rust
828
Swift
35
Unreviewed advisories
All unreviewed
5,000+
563 advisories
Filter by severity
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker...
Moderate
Unreviewed
CVE-2020-5743
was published
May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex...
Moderate
Unreviewed
CVE-2020-9384
was published
May 24, 2022
Atos Unify OpenScape UC Web Client 1.0 allows remote attackers to obtain sensitive information....
Moderate
Unreviewed
CVE-2019-19866
was published
May 24, 2022
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4...
Moderate
Unreviewed
CVE-2019-18998
was published
May 24, 2022
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to...
Moderate
Unreviewed
CVE-2019-5466
was published
May 24, 2022
An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and...
Moderate
Unreviewed
CVE-2019-15582
was published
May 24, 2022
The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip...
Moderate
Unreviewed
CVE-2020-5194
was published
May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense ...
Moderate
Unreviewed
CVE-2019-19616
was published
May 24, 2022
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin
Moderate
CVE-2019-16546
was published
for
org.jenkins-ci.plugins:google-compute-engine
(Maven)
May 24, 2022
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key...
Moderate
Unreviewed
CVE-2019-16340
was published
May 24, 2022
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated...
Critical
Unreviewed
CVE-2019-17574
was published
May 24, 2022
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4....
Moderate
Unreviewed
CVE-2019-17382
was published
May 24, 2022
An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin...
High
Unreviewed
CVE-2019-17050
was published
May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows...
High
Unreviewed
CVE-2019-14724
was published
May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows...
Moderate
Unreviewed
CVE-2019-14725
was published
May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows...
Moderate
Unreviewed
CVE-2019-14721
was published
May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows...
Moderate
Unreviewed
CVE-2019-14246
was published
May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows...
Moderate
Unreviewed
CVE-2019-14245
was published
May 24, 2022
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to...
High
Unreviewed
CVE-2019-14932
was published
May 24, 2022
Magento 2 Community Edition Access Control Bypass
High
CVE-2019-7950
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition IDOR Vulnerability
High
CVE-2019-7890
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition IDOR Vulnerability
Moderate
CVE-2019-7864
was published
for
magento/community-edition
(Composer)
May 24, 2022
Magento 2 Community Edition IDOR Vulnerability
High
CVE-2019-7854
was published
for
magento/community-edition
(Composer)
May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass...
Critical
Unreviewed
CVE-2019-13360
was published
May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can...
High
Unreviewed
CVE-2019-13605
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API