GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
454 advisories
Filter by severity
Improper key usage control in AMD Secure Processor
(ASP) may allow an attacker with local access...
Moderate
Unreviewed
CVE-2024-21981
was published
Aug 13, 2024
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows...
Moderate
Unreviewed
CVE-2024-39642
was published
Aug 13, 2024
A vulnerability, which was classified as problematic, has been found in projectsend up to r1605....
Moderate
Unreviewed
CVE-2024-7658
was published
Aug 12, 2024
A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior...
Moderate
Unreviewed
CVE-2024-3035
was published
Aug 8, 2024
Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence.
Moderate
Unreviewed
CVE-2024-6357
was published
Aug 6, 2024
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic....
Moderate
Unreviewed
CVE-2024-7438
was published
Aug 3, 2024
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4....
Moderate
Unreviewed
CVE-2024-7437
was published
Aug 3, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects...
Moderate
Unreviewed
CVE-2024-38701
was published
Jul 22, 2024
On versions before 2.1.4, after a regular user successfully logs in, they can manually make a...
Moderate
Unreviewed
CVE-2024-34457
was published
Jul 22, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-5977
was published
Jul 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer...
Critical
Unreviewed
CVE-2024-5619
was published
Jul 18, 2024
NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request...
High
Unreviewed
CVE-2024-38447
was published
Jul 17, 2024
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and...
Moderate
Unreviewed
CVE-2024-21759
was published
Jul 9, 2024
A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment...
High
Unreviewed
CVE-2023-3285
was published
Jul 9, 2024
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any...
High
Unreviewed
CVE-2023-3289
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to...
High
Unreviewed
CVE-2023-38047
was published
Jul 9, 2024
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged...
High
Unreviewed
CVE-2023-3286
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38054
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38053
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38048
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch,...
Critical
Unreviewed
CVE-2023-38052
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38050
was published
Jul 9, 2024
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged...
Moderate
Unreviewed
CVE-2023-3290
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user...
Critical
Unreviewed
CVE-2023-38051
was published
Jul 9, 2024
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user ...
High
Unreviewed
CVE-2023-3288
was published
Jul 9, 2024
ProTip!
Advisories are also available from the
GraphQL API