Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

605 advisories

Loading
High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed High
CVE-2018-1000210 was published for YamlDotNet (NuGet) Oct 16, 2018
Authorization Bypass Through User-Controlled Key in Bagisto Moderate
CVE-2019-16403 was published for bagisto/bagisto (Composer) Nov 8, 2019
Machine-In-The-Middle in lix High
CVE-2020-10800 was published for lix (npm) Apr 16, 2020
IDOR can reveal execution data and logs to unauthorized user in Rundeck Moderate
CVE-2020-11009 was published for org.rundeck:rundeck (Maven) Apr 29, 2020
Users can edit the tags of any discussion Moderate
GHSA-32wx-4gxx-h48f was published for flarum/tags (Composer) Jan 29, 2021
LianSheng197 SychO9
Insecure direct object reference of log files of the Import/Export feature Moderate
CVE-2021-37709 was published for shopware/core (Composer) Aug 30, 2021
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification High
CVE-2021-41129 was published for pterodactyl/panel (Composer) Oct 4, 2021
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS High
CVE-2021-41120 was published for sylius/paypal-plugin (Composer) Oct 6, 2021
Exposure of sensitive information in concrete5/core Moderate
CVE-2021-22967 was published for concrete5/core (Composer) Nov 23, 2021
Password exposure in concrete5/core Moderate
CVE-2021-22951 was published for concrete5/core (Composer) Nov 23, 2021
Dell EMC Streaming Data Platform versions before 1.3 contain an Indirect Object Reference... Moderate Unreviewed
CVE-2021-36329 was published Dec 1, 2021
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
elgg is vulnerable to Authorization Bypass Through User-Controlled Key Moderate
CVE-2021-3964 was published for elgg/elgg (Composer) Dec 3, 2021
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to... High Unreviewed
CVE-2021-24739 was published Dec 22, 2021
https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source... Moderate Unreviewed
CVE-2021-40579 was published Dec 29, 2021
Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote... High Unreviewed
CVE-2021-44160 was published Dec 30, 2021
TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled... Critical Unreviewed
CVE-2021-45428 was published Jan 4, 2022
growi is vulnerable to Authorization Bypass Through User-Controlled Key High Unreviewed
CVE-2021-3852 was published Jan 13, 2022
Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow... High Unreviewed
CVE-2021-3965 was published Jan 15, 2022
Authorization Bypass Through User-Controlled Key in LiveHelperChat Moderate
CVE-2022-0266 was published for remdex/livehelperchat (Composer) Jan 21, 2022
An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0... High Unreviewed
CVE-2022-22828 was published Jan 28, 2022
The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a... Moderate Unreviewed
CVE-2021-25096 was published Feb 8, 2022
Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. Moderate Unreviewed
CVE-2021-3813 was published Feb 10, 2022
Authorization bypass in url-parse Moderate
CVE-2022-0512 was published for url-parse (npm) Feb 15, 2022
Authorization Bypass Through User-Controlled Key in urijs Moderate
CVE-2022-0613 was published for urijs (npm) Feb 17, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database