Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

544 advisories

Loading
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows... Moderate Unreviewed
CVE-2020-27742 was published May 24, 2022
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has... Critical Unreviewed
CVE-2020-16088 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles... Moderate Unreviewed
CVE-2020-14174 was published May 24, 2022
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code... High Unreviewed
CVE-2019-15310 was published May 24, 2022
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation High
CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022
MarkLee131
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote... Moderate Unreviewed
CVE-2020-13998 was published May 24, 2022
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker... Moderate Unreviewed
CVE-2020-5743 was published May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex... Moderate Unreviewed
CVE-2020-9384 was published May 24, 2022
Atos Unify OpenScape UC Web Client 1.0 allows remote attackers to obtain sensitive information.... Moderate Unreviewed
CVE-2019-19866 was published May 24, 2022
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4... Moderate Unreviewed
CVE-2019-18998 was published May 24, 2022
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to... Moderate Unreviewed
CVE-2019-5466 was published May 24, 2022
An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and... Moderate Unreviewed
CVE-2019-15582 was published May 24, 2022
The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip... Moderate Unreviewed
CVE-2020-5194 was published May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense ... Moderate Unreviewed
CVE-2019-19616 was published May 24, 2022
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin Moderate
CVE-2019-16546 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key... Moderate Unreviewed
CVE-2019-16340 was published May 24, 2022
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated... Critical Unreviewed
CVE-2019-17574 was published May 24, 2022
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4.... Moderate Unreviewed
CVE-2019-17382 was published May 24, 2022
An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin... High Unreviewed
CVE-2019-17050 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed
CVE-2019-14725 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... High Unreviewed
CVE-2019-14724 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed
CVE-2019-14721 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed
CVE-2019-14245 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed
CVE-2019-14246 was published May 24, 2022
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to... High Unreviewed
CVE-2019-14932 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API