Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

120 advisories

Loading
YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to... High Unreviewed
CVE-2005-1668 was published May 1, 2022
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images... Moderate Unreviewed
CVE-2004-2257 was published Apr 29, 2022
FlatNuke 2.5.3 allows remote attackers to cause a denial of service or obtain sensitive... Moderate Unreviewed
CVE-2005-1892 was published May 1, 2022
In affected Ops Manager versions there is an exposed http route was that may allow attackers to... Moderate Unreviewed
CVE-2019-2388 was published May 24, 2022
IBM PowerSC 1.3, 2.0, and 2.1 fails to properly restrict access to a URL or resource, which may... Moderate Unreviewed
CVE-2023-50935 was published Feb 2, 2024
Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to... Critical Unreviewed
CVE-2024-0204 was published Jan 22, 2024
MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files... Moderate Unreviewed
CVE-2002-1798 was published Apr 30, 2022
Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system... High Unreviewed
CVE-2004-2144 was published Apr 29, 2022
Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML... Critical Unreviewed
CVE-2024-24592 was published Feb 6, 2024
IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive... Moderate Unreviewed
CVE-2023-46186 was published Feb 14, 2024
PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/... Moderate Unreviewed
CVE-2019-16388 was published May 24, 2022
PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso... Moderate Unreviewed
CVE-2019-16386 was published May 24, 2022
Missing Access Control in the "Free Time" component of several Zyxel UAG, USG, and ZyWall devices... Critical Unreviewed
CVE-2019-12583 was published May 24, 2022
In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a... Moderate Unreviewed
CVE-2019-13981 was published May 24, 2022
eClass platform < ip.2.5.10.2.1 allows an attacker to use GETS method to request /admin page to... Critical Unreviewed
CVE-2019-9884 was published May 24, 2022
A security feature bypass vulnerability exists when Microsoft Browsers fail to validate the... Moderate Unreviewed
CVE-2019-1220 was published May 24, 2022
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated... Moderate Unreviewed
CVE-2019-17503 was published May 24, 2022
The Contour Service was not checking that users had permission to create an analysis for a given... Moderate Unreviewed
CVE-2023-22834 was published Jun 27, 2023
JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a... Moderate Unreviewed
CVE-2015-1313 was published Jun 29, 2023
The DoLogin Security WordPress plugin before 3.7.1 does not restrict the access of a widget that... Moderate Unreviewed
CVE-2023-4800 was published Oct 16, 2023
Mautic uses predictable page indices for unpublished landing pages, their content can be accessed... Moderate Unreviewed
CVE-2024-2730 was published Apr 10, 2024
A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20230809. It... Moderate Unreviewed
CVE-2023-4544 was published Aug 26, 2023
Silverstripe Forum Module CSRF Vulnerability Moderate
GHSA-w8fq-xgvh-cxc2 was published for silverstripe/forum (Composer) May 23, 2024
Silverstripe Missing security check on dev/build/defaults Moderate
GHSA-x5w2-wcr8-9q45 was published for silverstripe/framework (Composer) May 23, 2024
A vulnerability was found in Parsec Automation TrackSYS 11.x.x and classified as problematic.... Moderate Unreviewed
CVE-2024-6188 was published Jun 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database