Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

892 advisories

Loading
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation High
CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022
MarkLee131
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote... Moderate Unreviewed
CVE-2020-13998 was published May 24, 2022
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker... Moderate Unreviewed
CVE-2020-5743 was published May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex... Moderate Unreviewed
CVE-2020-9384 was published May 24, 2022
Atos Unify OpenScape UC Web Client 1.0 allows remote attackers to obtain sensitive information.... Moderate Unreviewed
CVE-2019-19866 was published May 24, 2022
Insufficient access control in the web interface of ABB Asset Suite versions 9.0 to 9.3, 9.4... Moderate Unreviewed
CVE-2019-18998 was published May 24, 2022
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to... Moderate Unreviewed
CVE-2019-5466 was published May 24, 2022
An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and... Moderate Unreviewed
CVE-2019-15582 was published May 24, 2022
The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip... Moderate Unreviewed
CVE-2020-5194 was published May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense ... Moderate Unreviewed
CVE-2019-19616 was published May 24, 2022
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin Moderate
CVE-2019-16546 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key... Moderate Unreviewed
CVE-2019-16340 was published May 24, 2022
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated... Critical Unreviewed
CVE-2019-17574 was published May 24, 2022
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4.... Moderate Unreviewed
CVE-2019-17382 was published May 24, 2022
An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin... High Unreviewed
CVE-2019-17050 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed
CVE-2019-14725 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... High Unreviewed
CVE-2019-14724 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed
CVE-2019-14721 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed
CVE-2019-14246 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed
CVE-2019-14245 was published May 24, 2022
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to... High Unreviewed
CVE-2019-14932 was published May 24, 2022
Magento 2 Community Edition Access Control Bypass High
CVE-2019-7950 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition IDOR Vulnerability High
CVE-2019-7890 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition IDOR Vulnerability High
CVE-2019-7854 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition IDOR Vulnerability Moderate
CVE-2019-7864 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database