GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
545 advisories
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a...
Moderate | Unreviewed | CVE-2017-15201 was published May 13, 2022

The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly...
Moderate | Unreviewed | CVE-2022-4417 was published Jan 3, 2023

The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference ...
Moderate | Unreviewed | CVE-2022-4340 was published Jan 3, 2023

onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive...
Moderate | Unreviewed | CVE-2022-27247 was published May 14, 2022

The Awesome Support WordPress plugin before 6.1.2 does not ensure that the exported tickets...
Moderate | Unreviewed | CVE-2022-3511 was published Nov 28, 2022

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check...
Moderate | Unreviewed | CVE-2022-3282 was published Oct 17, 2022

Users with Node Management rights were able to view and edit all nodes due to Insufficient...
Moderate | Unreviewed | CVE-2022-36966 was published Oct 21, 2022

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and...
Moderate | Unreviewed | CVE-2022-1425 was published May 17, 2022

usememos/memos vulnerable to Improper Authorization
Moderate | CVE-2022-4802 was published for github.com/usememos/memos (Go) Dec 28, 2022

usememos/memos Improper Access Control vulnerability
Moderate | CVE-2022-4806 was published for github.com/usememos/memos (Go) Dec 28, 2022

usememos/memos vulnerable to Comparison of Object References Instead of Object Contents
Moderate | CVE-2022-4812 was published for github.com/usememos/memos (Go) Dec 28, 2022

usememos/memos Improper Authentication vulnerability
Moderate | CVE-2022-4799 was published for github.com/usememos/memos (Go) Dec 28, 2022

usememos/memos Improper Authorization vulnerability
Moderate | CVE-2022-4798 was published for github.com/usememos/memos (Go) Dec 28, 2022

https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source...
Moderate | Unreviewed | CVE-2021-40579 was published Dec 29, 2021

Authorization Bypass Through User-Controlled Key in LiveHelperChat
Moderate | CVE-2022-0266 was published for remdex/livehelperchat (Composer) Jan 21, 2022

The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a...
Moderate | Unreviewed | CVE-2021-25096 was published Feb 8, 2022

Authorization Bypass Through User-Controlled Key in urijs
Moderate | CVE-2022-0613 was published for urijs (npm) Feb 17, 2022

An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site...
Moderate | Unreviewed | CVE-2022-24979 was published Feb 20, 2022

The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user...
Moderate | Unreviewed | CVE-2022-0442 was published Mar 8, 2022

The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference...
Moderate | Unreviewed | CVE-2023-0550 was published Jan 27, 2023

The WP FullCalendar WordPress plugin before 1.5 does not ensure that the post retrieved via an...
Moderate | Unreviewed | CVE-2022-3891 was published Feb 13, 2023

Authorization bypass in url-parse
Moderate | CVE-2022-0512 was published for url-parse (npm) Feb 15, 2022

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can...
Moderate | Unreviewed | CVE-2019-12252 was published May 24, 2022

The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin)...
Moderate | Unreviewed | CVE-2023-0453 was published Feb 21, 2023

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows...
Moderate | Unreviewed | CVE-2019-14246 was published May 24, 2022