Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

2,305 advisories

Loading
Plone and Zope2 vulnerable to unauthorized access to restricted attributes High
CVE-2012-5489 was published for Plone (pip) Jul 23, 2018
Improper Authorization in aedes Moderate
CVE-2018-3778 was published for aedes (npm) Aug 15, 2018
tdunlap607
Paramiko Authentication Bypass vulnerability High
CVE-2018-1000805 was published for paramiko (pip) Oct 10, 2018
Spring Framework when used in combination with any versions of Spring Security contains an authorization bypass High
CVE-2018-1258 was published for org.springframework:spring-core (Maven) Oct 17, 2018
MarkLee131 sunSUNQ
Cleartext Transmission of Sensitive Information in Apache nifi High
CVE-2018-17195 was published for org.apache.nifi:nifi (Maven) Dec 20, 2018
MarkLee131
Potential session hijack in Apache CXF Critical
CVE-2019-12419 was published for org.apache.cxf:cxf (Maven) Nov 8, 2019
Information disclosure issue in Active Resource High
CVE-2020-8151 was published for activeresource (RubyGems) May 21, 2020
Authorization bypass in express-jwt High
CVE-2020-15084 was published for express-jwt (npm) Jun 30, 2020
GraphQL: Security breach on Viewer query Moderate
CVE-2020-15126 was published for parse-server (npm) Jul 22, 2020
Moumouls
Possible pod name collisions in jupyterhub-kubespawner High
CVE-2020-15110 was published for jupyterhub-kubespawner (pip) Jul 22, 2020
Authorization Bypass in I hate money Moderate
CVE-2020-15120 was published for ihatemoney (pip) Jul 27, 2020
zorun
Incorrect access control in typo3_forum Moderate
CVE-2020-15513 was published for mittwald/typo3_forum (Composer) Jul 29, 2020
Information Disclosure in TYPO3 extension sf_event_mgt Moderate
CVE-2020-25026 was published for derhansen/sf_event_mgt (Composer) Sep 2, 2020
derhansen
Invalid root may become trusted root in The Update Framework (TUF) Moderate
CVE-2020-15163 was published for tuf (pip) Sep 9, 2020
FlorianVeaux
Android WebView Universal Cross-site Scripting Moderate
CVE-2020-6506 was published for react-native-webview (npm) Oct 2, 2020
alesandroortiz
Privilege Escalation in Channelmgnt plug-in for Sopel Moderate
CVE-2020-15251 was published for sopel-plugins-channelmgnt (pip) Oct 13, 2020
RhinosF1
Authorization bypass in Spree High
CVE-2020-26223 was published for spree_api (RubyGems) Nov 13, 2020
Privilege escalation by backend users assigned to the default "Publisher" system role Low
CVE-2020-15248 was published for october/backend (Composer) Nov 23, 2020
Local File Inclusion by unauthenticated users High
CVE-2020-15246 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
Base class whitelist configuration ignored in OAuthenticator High
CVE-2020-26250 was published for oauthenticator (pip) Dec 1, 2020
Authenticated Privilege Escalation Low
GHSA-5q58-x5h2-v5rx was published for shopware/core (Composer) Dec 21, 2020
Exposure of Sensitive Information to an Unauthorized Actor Moderate
CVE-2021-22134 was published for org.elasticsearch:elasticsearch (Maven) Mar 18, 2021
Privilage Escalation in moodle Moderate
CVE-2020-25701 was published for moodle/moodle (Composer) Mar 29, 2021
Privilage Escalation in moodle High
CVE-2020-25699 was published for moodle/moodle (Composer) Mar 29, 2021
Moodle allowed some users without permission to view other users' full names Moderate
CVE-2021-20281 was published for moodle/moodle (Composer) Mar 29, 2021
ProTip! Advisories are also available from the GraphQL API