GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
456 advisories
Filter by severity
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the...
High
Unreviewed
CVE-2018-16608
was published
May 13, 2022
An issue was discovered in Vaultize Enterprise File Sharing 17.05.31. There is improper...
Moderate
Unreviewed
CVE-2018-10211
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove attachments...
Moderate
Unreviewed
CVE-2017-15209
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an external link...
Moderate
Unreviewed
CVE-2017-15211
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add an internal link...
Moderate
Unreviewed
CVE-2017-15206
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit swimlanes of a...
Moderate
Unreviewed
CVE-2017-15195
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit columns of a...
Moderate
Unreviewed
CVE-2017-15202
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove categories...
Moderate
Unreviewed
CVE-2017-15203
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove automatic...
Moderate
Unreviewed
CVE-2017-15208
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add automatic actions...
Moderate
Unreviewed
CVE-2017-15204
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tasks of a...
Moderate
Unreviewed
CVE-2017-15207
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new task to a...
Moderate
Unreviewed
CVE-2017-15200
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit metadata of a...
Moderate
Unreviewed
CVE-2017-15199
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can add a new category to...
Moderate
Unreviewed
CVE-2017-15197
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can remove columns from a...
Moderate
Unreviewed
CVE-2017-15196
was published
May 13, 2022
In Kanboard before 1.0.47, by altering form data, an authenticated user can edit tags of a...
Moderate
Unreviewed
CVE-2017-15201
was published
May 13, 2022
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User...
Moderate
Unreviewed
CVE-2017-0936
was published
May 13, 2022
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to...
Moderate
Unreviewed
CVE-2019-9921
was published
May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and...
Critical
Unreviewed
CVE-2019-9756
was published
May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before...
Moderate
Unreviewed
CVE-2019-9219
was published
May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before...
Moderate
Unreviewed
CVE-2019-9170
was published
May 13, 2022
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint...
Critical
Unreviewed
CVE-2019-6716
was published
May 13, 2022
** DISPUTED ** BigTree 4.3 allows full path disclosure via authenticated admin/news/ input that...
Moderate
Unreviewed
CVE-2018-20405
was published
May 13, 2022
Wisetail Learning Ecosystem (LE) through v4.11.6 allows insecure direct object reference (IDOR)...
Moderate
Unreviewed
CVE-2018-16971
was published
May 13, 2022
In ProConf before 6.1, an Insecure Direct Object Reference (IDOR) allows any author to view and...
Moderate
Unreviewed
CVE-2018-16606
was published
May 13, 2022
ProTip!
Advisories are also available from the
GraphQL API