Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

1,684 advisories

Loading
Missing permission checks in MongoDB Plugin Moderate
CVE-2020-2267 was published for org.jenkins-ci.plugins:mongodb (Maven) May 24, 2022
NotMyFault
SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks... Moderate Unreviewed
CVE-2022-22535 was published Feb 11, 2022
Missing permission check in Perfecto Plugin Moderate
CVE-2020-2260 was published for io.jenkins.plugins:perfecto (Maven) May 24, 2022
NotMyFault
Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before... Moderate Unreviewed
CVE-2019-8445 was published May 24, 2022
The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via... Moderate Unreviewed
CVE-2019-14786 was published May 24, 2022
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which... Moderate Unreviewed
CVE-2021-24842 was published Nov 30, 2021
IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct... Moderate Unreviewed
CVE-2019-4158 was published May 24, 2022
An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x, 16.x, and 17.x, and... Moderate Unreviewed
CVE-2019-18790 was published May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query... Moderate Unreviewed
CVE-2020-15338 was published Sep 30, 2022
SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows... Moderate Unreviewed
CVE-2021-27598 was published May 24, 2022
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query... Moderate Unreviewed
CVE-2020-15337 was published Sep 30, 2022
The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation... Moderate Unreviewed
CVE-2021-24790 was published Dec 14, 2021
The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0... Moderate Unreviewed
CVE-2019-15013 was published May 24, 2022
An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12... Moderate Unreviewed
CVE-2019-15576 was published May 24, 2022
The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed... Moderate Unreviewed
CVE-2019-19985 was published May 24, 2022
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing... Moderate Unreviewed
CVE-2022-4555 was published Dec 20, 2022
In multiple locations of DreamManagerService.java, there is a missing permission check. This... Moderate Unreviewed
CVE-2022-20504 was published Dec 20, 2022
The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing... Moderate Unreviewed
CVE-2022-4501 was published Dec 14, 2022
An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6... Moderate Unreviewed
CVE-2019-5470 was published May 24, 2022
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users ... Moderate Unreviewed
CVE-2020-9457 was published May 24, 2022
Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts... Moderate Unreviewed
CVE-2020-8439 was published May 24, 2022
Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote... Moderate Unreviewed
CVE-2020-6393 was published May 24, 2022
In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote... Moderate Unreviewed
CVE-2020-9458 was published May 24, 2022
The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users ... Moderate Unreviewed
CVE-2020-9455 was published May 24, 2022
GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a... Moderate Unreviewed
CVE-2020-10073 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API