GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
1,684 advisories
Missing permission checks in MongoDB Plugin
Moderate. CVE-2020-2267 was published for org.jenkins-ci.plugins:mongodb (Maven) on May 24, 2022.

SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks...
Moderate. Unreviewed. CVE-2022-22535 was published on Feb 11, 2022.

Missing permission check in Perfecto Plugin
Moderate. CVE-2020-2260 was published for io.jenkins.plugins:perfecto (Maven) on May 24, 2022.

Several worklog rest resources in Jira before version 7.13.7, and from version 8.0.0 before...
Moderate. Unreviewed. CVE-2019-8445 was published on May 24, 2022.

The Rank Math SEO plugin 1.0.27 for WordPress allows non-admin users to reset the settings via...
Moderate. Unreviewed. CVE-2019-14786 was published on May 24, 2022.

The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which...
Moderate. Unreviewed. CVE-2021-24842 was published on Nov 30, 2021.

IBM Security Access Manager 9.0.1 through 9.0.6 does not prove that a user's identity is correct...
Moderate. Unreviewed. CVE-2019-4158 was published on May 24, 2022.

An issue was discovered in channels/chan_sip.c in Sangoma Asterisk 13.x, 16.x, and 17.x, and...
Moderate. Unreviewed. CVE-2019-18790 was published on May 24, 2022.

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query...
Moderate. Unreviewed. CVE-2020-15338 was published on Sep 30, 2022.

SAP NetWeaver AS JAVA (Customer Usage Provisioning Servlet), versions - 7.31, 7.40, 7.50, allows...
Moderate. Unreviewed. CVE-2021-27598 was published on May 24, 2022.

Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query...
Moderate. Unreviewed. CVE-2020-15337 was published on Sep 30, 2022.

The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation...
Moderate. Unreviewed. CVE-2021-24790 was published on Dec 14, 2021.

The WorkflowResource class removeStatus method in Jira before version 7.13.12, from version 8.0.0...
Moderate. Unreviewed. CVE-2019-15013 was published on May 24, 2022.

An information disclosure vulnerability exists in GitLab CE/EE <v12.3.2, <v12.2.6, and <v12.1.12...
Moderate. Unreviewed. CVE-2019-15576 was published on May 24, 2022.

The WordPress plugin, Email Subscribers & Newsletters, before 4.2.3 had a flaw that allowed...
Moderate. Unreviewed. CVE-2019-19985 was published on May 24, 2022.

The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing...
Moderate. Unreviewed. CVE-2022-4555 was published on Dec 20, 2022.

In multiple locations of DreamManagerService.java, there is a missing permission check. This...
Moderate. Unreviewed. CVE-2022-20504 was published on Dec 20, 2022.

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing...
Moderate. Unreviewed. CVE-2022-4501 was published on Dec 14, 2022.

An information disclosure issue was discovered GitLab versions < 12.1.2, < 12.0.4, and < 11.11.6...
Moderate. Unreviewed. CVE-2019-5470 was published on May 24, 2022.

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users ...
Moderate. Unreviewed. CVE-2020-9457 was published on May 24, 2022.

Monstra CMS through 3.0.4 allows remote authenticated users to take over arbitrary user accounts...
Moderate. Unreviewed. CVE-2020-8439 was published on May 24, 2022.

Insufficient policy enforcement in Blink in Google Chrome prior to 80.0.3987.87 allowed a remote...
Moderate. Unreviewed. CVE-2020-6393 was published on May 24, 2022.

In the RegistrationMagic plugin through 4.6.0.3 for WordPress, the export function allows remote...
Moderate. Unreviewed. CVE-2020-9458 was published on May 24, 2022.

The RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote authenticated users ...
Moderate. Unreviewed. CVE-2020-9455 was published on May 24, 2022.

GitLab EE 12.4.2 through 12.8.1 allows Denial of Service. It was internally discovered that a...
Moderate. Unreviewed. CVE-2020-10073 was published on May 24, 2022.

ProTip! Advisories are also available from the GraphQL API.