GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
21
Go
2,003
Maven
5,000+
npm
3,714
NuGet
661
pip
3,387
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
58 advisories
Filter by severity
Users can edit the tags of any discussion
Moderate
GHSA-32wx-4gxx-h48f
was published
for
flarum/tags
(Composer)
Jan 29, 2021
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator
Moderate
CVE-2022-31027
was published
for
oauthenticator
(pip)
Jun 6, 2022
Known v1.3.1 contains Insecure Direct Object Reference
Moderate
CVE-2022-30852
was published
for
idno/known
(Composer)
Jul 9, 2022
Improper Authorization in dolibarr/dolibarr
Moderate
CVE-2022-0731
was published
for
dolibarr/dolibarr
(Composer)
Feb 24, 2022
kimai2 is vulnerable to Improper Access Control
Moderate
CVE-2021-3992
was published
for
kevinpapst/kimai2
(Composer)
Dec 3, 2021
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin
Moderate
CVE-2019-16546
was published
for
org.jenkins-ci.plugins:google-compute-engine
(Maven)
May 24, 2022
Authorization Bypass Through User-Controlled Key in Bagisto
Moderate
CVE-2019-16403
was published
for
bagisto/bagisto
(Composer)
Nov 8, 2019
IDOR can reveal execution data and logs to unauthorized user in Rundeck
Moderate
CVE-2020-11009
was published
for
org.rundeck:rundeck
(Maven)
Apr 29, 2020
Authorization Bypass in Liferay Portal
Moderate
CVE-2022-42129
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Nov 15, 2022
Password exposure in concrete5/core
Moderate
CVE-2021-22951
was published
for
concrete5/core
(Composer)
Nov 23, 2021
Insecure direct object reference of log files of the Import/Export feature
Moderate
CVE-2021-37709
was published
for
shopware/core
(Composer)
Aug 30, 2021
Exposure of sensitive information in concrete5/core
Moderate
CVE-2021-22967
was published
for
concrete5/core
(Composer)
Nov 23, 2021
elgg is vulnerable to Authorization Bypass Through User-Controlled Key
Moderate
CVE-2021-3964
was published
for
elgg/elgg
(Composer)
Dec 3, 2021
usememos/memos vulnerable to Improper Authorization
Moderate
CVE-2022-4802
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Access Control vulnerability
Moderate
CVE-2022-4806
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos vulnerable to Comparison of Object References Instead of Object Contents
Moderate
CVE-2022-4812
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Authentication vulnerability
Moderate
CVE-2022-4799
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Authorization vulnerability
Moderate
CVE-2022-4798
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
Authorization Bypass Through User-Controlled Key in LiveHelperChat
Moderate
CVE-2022-0266
was published
for
remdex/livehelperchat
(Composer)
Jan 21, 2022
Authorization Bypass Through User-Controlled Key in urijs
Moderate
CVE-2022-0613
was published
for
urijs
(npm)
Feb 17, 2022
Authorization bypass in url-parse
Moderate
CVE-2022-0512
was published
for
url-parse
(npm)
Feb 15, 2022
Moodle has Incorrect Default Permissions
Moderate
CVE-2021-36400
was published
for
moodle/moodle
(Composer)
Mar 7, 2023
Authorization Bypass Through User-Controlled Key play-with-docker
Moderate
CVE-2023-28109
was published
for
github.com/play-with-docker/play-with-docker
(Go)
Mar 17, 2023
Improper Authorization in nilsteampassnet/teampass
Moderate
CVE-2023-1463
was published
for
nilsteampassnet/teampass
(Composer)
Mar 17, 2023
usememos/memos Improper Authorization vulnerability
Moderate
CVE-2022-4811
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
ProTip!
Advisories are also available from the
GraphQL API