GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
605 advisories

Windows TCP/IP Driver Security Feature Bypass Vulnerability
Moderate · Unreviewed · CVE-2021-31970 was published May 24, 2022

Two authorization bypass through user-controlled key vulnerabilities in the Fortinet...
Moderate · Unreviewed · CVE-2020-6641 was published May 24, 2022

The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete...
Moderate · Unreviewed · CVE-2021-24318 was published May 24, 2022

Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability...
Moderate · Unreviewed · CVE-2020-8297 was published May 24, 2022

Magento Insecure Direct Object Reference (IDOR) in the product module
Moderate · CVE-2021-21022 was published for magento/community-edition (Composer) May 24, 2022

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the...
Moderate · Unreviewed · CVE-2020-36231 was published May 24, 2022

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when...
High · Unreviewed · CVE-2021-21012 was published May 24, 2022

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when...
High · Unreviewed · CVE-2021-21013 was published May 24, 2022

In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download...
Moderate · Unreviewed · CVE-2020-26178 was published May 24, 2022

An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >=...
Moderate · Unreviewed · CVE-2020-13357 was published May 24, 2022

A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software...
Moderate · Unreviewed · CVE-2020-26068 was published May 24, 2022

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows...
Moderate · Unreviewed · CVE-2020-27742 was published May 24, 2022

iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has...
Critical · Unreviewed · CVE-2020-16088 was published May 24, 2022

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles...
Moderate · Unreviewed · CVE-2020-14174 was published May 24, 2022

An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code...
High · Unreviewed · CVE-2019-15310 was published May 24, 2022

acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
High · CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022

** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote...
Moderate · Unreviewed · CVE-2020-13998 was published May 24, 2022

Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker...
Moderate · Unreviewed · CVE-2020-5743 was published May 24, 2022

An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex...
Moderate · Unreviewed · CVE-2020-9384 was published May 24, 2022

Atos Unify OpenScape UC Web Client 1.0 allows remote attackers to obtain sensitive information....
Moderate · Unreviewed · CVE-2019-19866 was published May 24, 2022

Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4...
Moderate · Unreviewed · CVE-2019-18998 was published May 24, 2022

An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to...
Moderate · Unreviewed · CVE-2019-5466 was published May 24, 2022

An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and...
Moderate · Unreviewed · CVE-2019-15582 was published May 24, 2022

The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip...
Moderate · Unreviewed · CVE-2020-5194 was published May 24, 2022

An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense ...
Moderate · Unreviewed · CVE-2019-19616 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API.