GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,614
Composer 4,224
Erlang 31
GitHub Actions 19
Go 1,990
Maven 5,170
npm 3,706
NuGet 661
pip 3,336
Pub 11
RubyGems 884
Rust 845
Swift 36

Unreviewed advisories

All unreviewed 234,405

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

607 advisories

Filter by severity

Sort by

Least recently updated

The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip... Moderate Unreviewed

CVE-2020-5194 was published May 24, 2022

An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense ... Moderate Unreviewed

CVE-2019-19616 was published May 24, 2022

Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin Moderate

CVE-2019-16546 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022

Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key... Moderate Unreviewed

CVE-2019-16340 was published May 24, 2022

An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated... Critical Unreviewed

CVE-2019-17574 was published May 24, 2022

An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4.... Moderate Unreviewed

CVE-2019-17382 was published May 24, 2022

An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin... High Unreviewed

CVE-2019-17050 was published May 24, 2022

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... High Unreviewed

CVE-2019-14724 was published May 24, 2022

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed

CVE-2019-14725 was published May 24, 2022

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed

CVE-2019-14721 was published May 24, 2022

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed

CVE-2019-14246 was published May 24, 2022

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed

CVE-2019-14245 was published May 24, 2022

The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to... High Unreviewed

CVE-2019-14932 was published May 24, 2022

Magento 2 Community Edition Access Control Bypass High

CVE-2019-7950 was published for magento/community-edition (Composer) May 24, 2022

Magento 2 Community Edition IDOR Vulnerability High

CVE-2019-7890 was published for magento/community-edition (Composer) May 24, 2022

Magento 2 Community Edition IDOR Vulnerability High

CVE-2019-7854 was published for magento/community-edition (Composer) May 24, 2022

Magento 2 Community Edition IDOR Vulnerability Moderate

CVE-2019-7864 was published for magento/community-edition (Composer) May 24, 2022

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass... Critical Unreviewed

CVE-2019-13360 was published May 24, 2022

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can... High Unreviewed

CVE-2019-13605 was published May 24, 2022

In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL... High Unreviewed

CVE-2019-13337 was published May 24, 2022

An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 ... High Unreviewed

CVE-2019-12782 was published May 24, 2022

Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to... Moderate Unreviewed

CVE-2019-5966 was published May 24, 2022

An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was... Critical Unreviewed

CVE-2019-12866 was published May 24, 2022

Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account,... High Unreviewed

CVE-2019-12742 was published May 24, 2022

An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before... Moderate Unreviewed

CVE-2018-18976 was published May 24, 2022

Previous 1 2 … 19 20 21 22 23 24 25 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

607 advisories