GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
563 advisories
In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL...
High | Unreviewed | CVE-2019-13337 was published May 24, 2022

An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 ...
High | Unreviewed | CVE-2019-12782 was published May 24, 2022

Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to...
Moderate | Unreviewed | CVE-2019-5966 was published May 24, 2022

An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was...
Critical | Unreviewed | CVE-2019-12866 was published May 24, 2022

Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account,...
High | Unreviewed | CVE-2019-12742 was published May 24, 2022

An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before...
Moderate | Unreviewed | CVE-2018-18976 was published May 24, 2022

Publify has Improper Access Controls
Moderate | CVE-2022-1810 was published for publify_core (RubyGems) May 24, 2022

Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0...
Moderate | Unreviewed | CVE-2022-29434 was published May 21, 2022

EC-CUBE vulnerable to authorization bypass
Moderate | CVE-2014-0808 was published for ec-cube/ec-cube (Composer) May 17, 2022

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and...
Moderate | Unreviewed | CVE-2022-1425 was published May 17, 2022

onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive...
Moderate | Unreviewed | CVE-2022-27247 was published May 14, 2022

In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the...
High | Unreviewed | CVE-2018-16608 was published May 13, 2022

An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper...
Moderate | Unreviewed | CVE-2018-10211 was published May 13, 2022

In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link...
Moderate | Unreviewed | CVE-2017-15211 was published May 13, 2022

In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link...
Moderate | Unreviewed | CVE-2017-15206 was published May 13, 2022

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments...
Moderate | Unreviewed | CVE-2017-15209 was published May 13, 2022

In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions...
Moderate | Unreviewed | CVE-2017-15204 was published May 13, 2022

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic...
Moderate | Unreviewed | CVE-2017-15208 was published May 13, 2022

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories...
Moderate | Unreviewed | CVE-2017-15203 was published May 13, 2022

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a...
Moderate | Unreviewed | CVE-2017-15202 was published May 13, 2022

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a...
Moderate | Unreviewed | CVE-2017-15207 was published May 13, 2022

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a...
Moderate | Unreviewed | CVE-2017-15195 was published May 13, 2022

In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a...
Moderate | Unreviewed | CVE-2017-15196 was published May 13, 2022

In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a...
Moderate | Unreviewed | CVE-2017-15201 was published May 13, 2022

In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a...
Moderate | Unreviewed | CVE-2017-15200 was published May 13, 2022

ProTip! Advisories are also available from the GraphQL API.