GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
2,000 advisories
Filter by severity
SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks...
Moderate
Unreviewed
CVE-2022-22535
was published
Feb 11, 2022
Missing permission check in Perfecto Plugin
Moderate
CVE-2020-2260
was published
for
io.jenkins.plugins:perfecto
(Maven)
May 24, 2022
Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before...
Moderate
Unreviewed
CVE-2019-8445
was published
May 24, 2022
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via...
Moderate
Unreviewed
CVE-2019-14786
was published
May 24, 2022
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which...
Moderate
Unreviewed
CVE-2021-24842
was published
Nov 30, 2021
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct...
Moderate
Unreviewed
CVE-2019-4158
was published
May 24, 2022
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x, 16.x, and 17.x, and...
Moderate
Unreviewed
CVE-2019-18790
was published
May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query...
Moderate
Unreviewed
CVE-2020-15338
was published
Sep 30, 2022
SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows...
Moderate
Unreviewed
CVE-2021-27598
was published
May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query...
Moderate
Unreviewed
CVE-2020-15337
was published
Sep 30, 2022
The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation...
Moderate
Unreviewed
CVE-2021-24790
was published
Dec 14, 2021
The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0...
Moderate
Unreviewed
CVE-2019-15013
was published
May 24, 2022
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12...
Moderate
Unreviewed
CVE-2019-15576
was published
May 24, 2022
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed...
Moderate
Unreviewed
CVE-2019-19985
was published
May 24, 2022
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing...
Moderate
Unreviewed
CVE-2022-4555
was published
Dec 20, 2022
In multiple locations of DreamManagerService.java, there is a missing permission check. This...
Moderate
Unreviewed
CVE-2022-20504
was published
Dec 20, 2022
The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing...
Moderate
Unreviewed
CVE-2022-4501
was published
Dec 14, 2022
An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6...
Moderate
Unreviewed
CVE-2019-5470
was published
May 24, 2022
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users ...
Moderate
Unreviewed
CVE-2020-9457
was published
May 24, 2022
Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts...
Moderate
Unreviewed
CVE-2020-8439
was published
May 24, 2022
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote...
Moderate
Unreviewed
CVE-2020-6393
was published
May 24, 2022
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote...
Moderate
Unreviewed
CVE-2020-9458
was published
May 24, 2022
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users ...
Moderate
Unreviewed
CVE-2020-9455
was published
May 24, 2022
GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a...
Moderate
Unreviewed
CVE-2020-10073
was published
May 24, 2022
In Pixel Recorder, there is a possible permissions bypass allowing arbitrary apps to record audio...
Moderate
Unreviewed
CVE-2020-0061
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API