GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
544 advisories
Filter by severity
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows...
Moderate
Unreviewed
CVE-2020-27742
was published
May 24, 2022
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has...
Critical
Unreviewed
CVE-2020-16088
was published
May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles...
Moderate
Unreviewed
CVE-2020-14174
was published
May 24, 2022
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code...
High
Unreviewed
CVE-2019-15310
was published
May 24, 2022
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
High
CVE-2020-13700
was published
for
airesvsg/acf-to-rest-api
(Composer)
May 24, 2022
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote...
Moderate
Unreviewed
CVE-2020-13998
was published
May 24, 2022
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker...
Moderate
Unreviewed
CVE-2020-5743
was published
May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex...
Moderate
Unreviewed
CVE-2020-9384
was published
May 24, 2022
Atos Unify OpenScape UC Web Client 1.0 allows remote attackers to obtain sensitive information....
Moderate
Unreviewed
CVE-2019-19866
was published
May 24, 2022
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4...
Moderate
Unreviewed
CVE-2019-18998
was published
May 24, 2022
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to...
Moderate
Unreviewed
CVE-2019-5466
was published
May 24, 2022
An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and...
Moderate
Unreviewed
CVE-2019-15582
was published
May 24, 2022
The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip...
Moderate
Unreviewed
CVE-2020-5194
was published
May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense ...
Moderate
Unreviewed
CVE-2019-19616
was published
May 24, 2022
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin
Moderate
CVE-2019-16546
was published
for
org.jenkins-ci.plugins:google-compute-engine
(Maven)
May 24, 2022
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key...
Moderate
Unreviewed
CVE-2019-16340
was published
May 24, 2022
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated...
Critical
Unreviewed
CVE-2019-17574
was published
May 24, 2022
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4....
Moderate
Unreviewed
CVE-2019-17382
was published
May 24, 2022
An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin...
High
Unreviewed
CVE-2019-17050
was published
May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows...
Moderate
Unreviewed
CVE-2019-14725
was published
May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows...
High
Unreviewed
CVE-2019-14724
was published
May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows...
Moderate
Unreviewed
CVE-2019-14721
was published
May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows...
Moderate
Unreviewed
CVE-2019-14245
was published
May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows...
Moderate
Unreviewed
CVE-2019-14246
was published
May 24, 2022
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to...
High
Unreviewed
CVE-2019-14932
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API