Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

1,992 advisories

Loading
SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks... Moderate Unreviewed
CVE-2022-22535 was published Feb 11, 2022
Missing permission check in Perfecto Plugin Moderate
CVE-2020-2260 was published for io.jenkins.plugins:perfecto (Maven) May 24, 2022
NotMyFault
Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before... Moderate Unreviewed
CVE-2019-8445 was published May 24, 2022
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via... Moderate Unreviewed
CVE-2019-14786 was published May 24, 2022
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which... Moderate Unreviewed
CVE-2021-24842 was published Nov 30, 2021
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct... Moderate Unreviewed
CVE-2019-4158 was published May 24, 2022
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x, 16.x, and 17.x, and... Moderate Unreviewed
CVE-2019-18790 was published May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query... Moderate Unreviewed
CVE-2020-15338 was published Sep 30, 2022
SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows... Moderate Unreviewed
CVE-2021-27598 was published May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query... Moderate Unreviewed
CVE-2020-15337 was published Sep 30, 2022
The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation... Moderate Unreviewed
CVE-2021-24790 was published Dec 14, 2021
The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0... Moderate Unreviewed
CVE-2019-15013 was published May 24, 2022
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12... Moderate Unreviewed
CVE-2019-15576 was published May 24, 2022
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed... Moderate Unreviewed
CVE-2019-19985 was published May 24, 2022
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing... Moderate Unreviewed
CVE-2022-4555 was published Dec 20, 2022
In multiple locations of DreamManagerService.java, there is a missing permission check. This... Moderate Unreviewed
CVE-2022-20504 was published Dec 20, 2022
The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing... Moderate Unreviewed
CVE-2022-4501 was published Dec 14, 2022
An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6... Moderate Unreviewed
CVE-2019-5470 was published May 24, 2022
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users ... Moderate Unreviewed
CVE-2020-9457 was published May 24, 2022
Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts... Moderate Unreviewed
CVE-2020-8439 was published May 24, 2022
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote... Moderate Unreviewed
CVE-2020-6393 was published May 24, 2022
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote... Moderate Unreviewed
CVE-2020-9458 was published May 24, 2022
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users ... Moderate Unreviewed
CVE-2020-9455 was published May 24, 2022
GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a... Moderate Unreviewed
CVE-2020-10073 was published May 24, 2022
In Pixel Recorder, there is a possible permissions bypass allowing arbitrary apps to record audio... Moderate Unreviewed
CVE-2020-0061 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database