GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
892 advisories
An improper access control vulnerability [CWE-284] in FortiMail 7.2.0, 7.0.0 through 7.0.3, 6.4...
Moderate, Unreviewed. CVE-2022-39945 was published Nov 2, 2022

Users with Node Management rights were able to view and edit all nodes due to Insufficient...
Moderate, Unreviewed. CVE-2022-36966 was published Oct 21, 2022

Magento Improper input validation vulnerability
High. CVE-2022-42344 was published for magento/community-edition (Composer) Oct 20, 2022

Team scope authorization bypass when Post/Put request with :team_name in body, allows HTTP parameter pollution
Moderate. CVE-2022-31683 was published for github.com/concourse/concourse (Go) Oct 19, 2022

An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any...
High, Unreviewed. CVE-2022-33077 was published Oct 19, 2022

The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19...
High, Unreviewed. CVE-2022-41479 was published Oct 18, 2022

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check...
Moderate, Unreviewed. CVE-2022-3282 was published Oct 17, 2022

An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6...
Moderate, Unreviewed. CVE-2022-3331 was published Oct 17, 2022

Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object...
Moderate, Unreviewed. CVE-2022-42067 was published Oct 14, 2022

In affected versions of Octopus Server it is possible to reveal information about teams via the...
Moderate, Unreviewed. CVE-2022-2828 was published Oct 13, 2022

Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master...
Moderate, Unreviewed. CVE-2021-36865 was published Oct 1, 2022

The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from...
Moderate, Unreviewed. CVE-2022-1613 was published Sep 27, 2022

HashiCorp Vault vulnerable to incorrect metadata access
Critical. CVE-2022-40186 was published for github.com/hashicorp/vault (Go) Sep 23, 2022

The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users...
Moderate, Unreviewed. CVE-2022-1580 was published Sep 20, 2022

The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP...
Moderate, Unreviewed. CVE-2022-2877 was published Sep 17, 2022

The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address...
Moderate, Unreviewed. CVE-2022-2913 was published Sep 17, 2022

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change...
Critical, Unreviewed. CVE-2022-38789 was published Sep 16, 2022

WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted...
High, Unreviewed. CVE-2022-36539 was published Sep 8, 2022

Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to...
Moderate, Unreviewed. CVE-2022-32277 was published Sep 7, 2022

The forgot password token basically just makes us capable of taking over the account of whoever...
High, Unreviewed. CVE-2022-3019 was published Aug 29, 2022

The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its...
Moderate, Unreviewed. CVE-2022-2034 was published Aug 29, 2022

The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message...
Moderate, Unreviewed. CVE-2022-2080 was published Aug 29, 2022

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy ...
Moderate, Unreviewed. CVE-2022-2198 was published Aug 23, 2022

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR)...
Moderate, Unreviewed. CVE-2022-34621 was published Aug 20, 2022

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a...
Moderate, Unreviewed. CVE-2022-2535 was published Aug 16, 2022

ProTip! Advisories are also available from the GraphQL API.