GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,587
Composer 4,205
Erlang 31
GitHub Actions 19
Go 1,988
Maven 5,170
npm 3,704
NuGet 661
pip 3,332
Pub 11
RubyGems 884
Rust 845
Swift 36

Unreviewed advisories

All unreviewed 234,200

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

605 advisories

Filter by severity

Sort by

Least recently updated

Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An... Moderate Unreviewed

CVE-2022-38765 was published Dec 9, 2022

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a... Moderate Unreviewed

CVE-2022-2535 was published Aug 16, 2022

A vulnerability, which was classified as problematic, has been found in Click Studios... Moderate Unreviewed

CVE-2022-3876 was published Dec 19, 2022

Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key... Moderate Unreviewed

CVE-2019-16340 was published May 24, 2022

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7... Unknown Unreviewed

CVE-2022-2730 was published Aug 10, 2022

RSFirewall tries to identify the original IP address by looking at different HTTP headers. A... Critical Unreviewed

CVE-2021-4226 was published Dec 15, 2022

An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and... Moderate Unreviewed

CVE-2019-15582 was published May 24, 2022

Atos Unify OpenScape UC Web Client 1.0 allows remote attackers to obtain sensitive information.... Moderate Unreviewed

CVE-2019-19866 was published May 24, 2022

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... High Unreviewed

CVE-2021-36032 was published May 24, 2022

The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP... Moderate Unreviewed

CVE-2022-2877 was published Sep 17, 2022

The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address... Moderate Unreviewed

CVE-2022-2913 was published Sep 17, 2022

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles... Moderate Unreviewed

CVE-2020-14174 was published May 24, 2022

The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and... Low Unreviewed

CVE-2022-3343 was published Jan 10, 2023

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change... Critical Unreviewed

CVE-2022-38789 was published Sep 16, 2022

An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code... High Unreviewed

CVE-2019-15310 was published May 24, 2022

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows... Moderate Unreviewed

CVE-2020-27742 was published May 24, 2022

An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >=... Moderate Unreviewed

CVE-2020-13357 was published May 24, 2022

A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software... Moderate Unreviewed

CVE-2020-26068 was published May 24, 2022

In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download... Moderate Unreviewed

CVE-2020-26178 was published May 24, 2022

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the... Moderate Unreviewed

CVE-2020-36231 was published May 24, 2022

Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. Moderate Unreviewed

CVE-2021-3813 was published Feb 10, 2022

Two authorization bypass through user-controlled key vulnerabilities in the Fortinet... Moderate Unreviewed

CVE-2020-6641 was published May 24, 2022

An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience... Moderate Unreviewed

CVE-2021-31927 was published May 24, 2022

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object... Moderate Unreviewed

CVE-2021-35337 was published May 24, 2022

The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing... Moderate Unreviewed

CVE-2021-24473 was published May 24, 2022

Previous 1 2 3 4 5 … 24 25 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

605 advisories