GitHub Advisory Database
Security vulnerability database including CVEs and GitHub-originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories by ecosystem: all reviewed 5,000+; Composer 4,076; Erlang 29; GitHub Actions 19; Go 1,895; Maven 5,000+; npm 3,630; NuGet 638; pip 3,244; Pub 10; RubyGems 862; Rust 818; Swift 35.
Unreviewed advisories: all unreviewed 5,000+.
542 advisories
Each entry: advisory title, then CVE; severity; review status (unreviewed, or GitHub reviewed with the affected package and ecosystem); publication date.

A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to... (CVE-2023-38048; Critical; unreviewed; published Jul 9, 2024)
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to... (CVE-2023-38050; Critical; unreviewed; published Jul 9, 2024)
A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment... (CVE-2023-3285; High; unreviewed; published Jul 9, 2024)
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user... (CVE-2023-38051; Critical; unreviewed; published Jul 9, 2024)
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any... (CVE-2023-3289; High; unreviewed; published Jul 9, 2024)
The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in... (CVE-2024-5942; Moderate; unreviewed; published Jun 29, 2024)
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and... (CVE-2024-21759; Moderate; unreviewed; published Jul 9, 2024)
Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer... (CVE-2024-5619; Critical; unreviewed; published Jul 18, 2024)
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to... (CVE-2024-5977; Moderate; unreviewed; published Jul 19, 2024)
Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS. This issue affects... (CVE-2024-38701; Moderate; unreviewed; published Jul 22, 2024)
Withdrawn: SFTPGo's JWT implementation lacks certain security measures (CVE-2024-40430; Moderate; GitHub reviewed, withdrawn; github.com/drakkan/sftpgo/v2, Go; published Jul 22, 2024)
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote... (CVE-2020-13998; Moderate; unreviewed; published May 24, 2022)
Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control... (CVE-2024-32166; High; unreviewed; published Apr 19, 2024)
Authorization Bypass Through User-Controlled Key vulnerability in Ricard Torres Thumbs Rating... (CVE-2024-31095; Critical; unreviewed; published Mar 31, 2024)
NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request... (CVE-2024-38447; High; unreviewed; published Jul 17, 2024)
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability (CVE-2024-38874; Moderate; GitHub reviewed; jweiland/events2, Composer; published Jun 21, 2024)
The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19... (CVE-2022-41479; High; unreviewed; published Oct 18, 2022)
Sylius has a security vulnerability via adjustments API endpoint (CVE-2024-40633; High; GitHub reviewed; sylius/sylius, Composer; published Jul 17, 2024)
Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence. (CVE-2024-6357; Moderate; unreviewed; published Aug 6, 2024)
Grafana: Users outside an organization can delete a snapshot with its key (CVE-2024-1313; Moderate; GitHub reviewed; github.com/grafana/grafana, Go; published Apr 5, 2024)
OpenSearch Observability does not properly restrict access to private tenant resources (CVE-2024-39901; Moderate; GitHub reviewed; org.opensearch.plugin:opensearch-observability, Maven; published Jul 10, 2024)
The OpenSearch reporting plugin improperly controls tenancy access to reporting resources (CVE-2024-39900; Moderate; GitHub reviewed; org.opensearch.plugin:opensearch-reports-scheduler, Maven; published Jul 18, 2024)
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes (CVE-2024-39321; High; GitHub reviewed; github.com/traefik/traefik/v2, Go; published Jul 5, 2024)
A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior... (CVE-2024-3035; Moderate; unreviewed; published Aug 8, 2024)
Cache driver GetBlob() allows read access to any blob without access control check (CVE-2024-39897; Moderate; GitHub reviewed; zotregistry.dev/zot, Go; published Jul 9, 2024)
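The entries above share one defect class, CWE-639 (Authorization Bypass Through User-Controlled Key), also reported as IDOR or BOLA: a handler authenticates the caller and then trusts a client-supplied object key without checking that the caller may act on that object. The Python below is an added illustration, not code from any project listed on this page; the routes (/webhooks/{webhookId}, /services), the record types, the user ids and the in-memory stores are assumptions. It shows the read/update/delete-by-id variant and the create-on-behalf-of-anyone variant, each beside its fix, plus a small probe that walks every id as one tenant and reports which foreign objects came back.

```python
"""Illustrative CWE-639 handler pairs plus a cross-tenant probe. Added example; the
routes, records and user ids are assumptions and describe no advisory on this page."""
from dataclasses import dataclass
from typing import Callable, Optional


class Unauthenticated(Exception):
    """401: no session."""


class NotFound(Exception):
    """404: object missing, or not visible to the caller."""


@dataclass
class Webhook:
    id: int
    owner_id: int
    url: str


@dataclass
class Service:
    id: int
    provider_id: int
    name: str


# Constructed data: two tenants (user 1, user 2), one webhook each.
WEBHOOKS = {
    101: Webhook(101, owner_id=1, url="https://tenant-a.example/hook"),
    202: Webhook(202, owner_id=2, url="https://tenant-b.example/hook"),
}
SERVICES: dict = {}


def _session_user(user_id: Optional[int]) -> int:
    if user_id is None:
        raise Unauthenticated()
    return user_id


# GET /webhooks/{webhookId}: authenticated, but the key is trusted as-is.
def get_webhook_vulnerable(user_id: Optional[int], webhook_id: int) -> Webhook:
    _session_user(user_id)
    wh = WEBHOOKS.get(webhook_id)
    if wh is None:
        raise NotFound()
    return wh


def _owned_webhook(user_id: Optional[int], webhook_id: int) -> Webhook:
    """Look up, then bind the object to the caller. 'Missing' and 'not yours'
    return the same 404 so the endpoint cannot be used to enumerate ids."""
    caller = _session_user(user_id)
    wh = WEBHOOKS.get(webhook_id)
    if wh is None or wh.owner_id != caller:
        raise NotFound()
    return wh


def get_webhook_fixed(user_id: Optional[int], webhook_id: int) -> Webhook:
    return _owned_webhook(user_id, webhook_id)


def delete_webhook_fixed(user_id: Optional[int], webhook_id: int) -> Webhook:
    wh = _owned_webhook(user_id, webhook_id)  # same check on every verb
    del WEBHOOKS[wh.id]
    return wh


# POST /services: the create-on-behalf-of-anyone variant.
def create_service_vulnerable(user_id: Optional[int], body: dict) -> Service:
    _session_user(user_id)
    svc = Service(len(SERVICES) + 1, provider_id=body["provider_id"], name=body["name"])
    SERVICES[svc.id] = svc
    return svc


def create_service_fixed(user_id: Optional[int], body: dict) -> Service:
    caller = _session_user(user_id)  # owner comes from the session, never the body
    svc = Service(len(SERVICES) + 1, provider_id=caller, name=body["name"])
    SERVICES[svc.id] = svc
    return svc


def cross_tenant_reads(handler: Callable, attacker_id: int, object_ids,
                       owner_of: Callable) -> list:
    """Probe: call handler as attacker_id for each id; return the ids of objects
    belonging to someone else that were still returned."""
    leaked = []
    for oid in object_ids:
        try:
            obj = handler(attacker_id, oid)
        except NotFound:
            continue
        if owner_of(obj) != attacker_id:
            leaked.append(oid)
    return leaked


if __name__ == "__main__":
    ids, owner = list(WEBHOOKS), (lambda w: w.owner_id)
    print("vulnerable leaks:", cross_tenant_reads(get_webhook_vulnerable, 1, ids, owner))
    print("fixed leaks:     ", cross_tenant_reads(get_webhook_fixed, 1, ids, owner))
```

The probe is the check to run against every handler that takes an id from the path or body: enumerate ids as a low-privileged account and compare what comes back against ownership. Returning the same 404 for "not yours" and "missing" also removes the id-enumeration oracle that the vulnerable version leaks.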
ProTip! Advisories are also available from the GraphQL API.
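The ProTip refers to the securityAdvisories connection of the GitHub GraphQL API. The Python below is an added example, not GitHub's own client code: the query uses field and argument names from GitHub's public schema, while the HTTP helper, the token handling and the CWE-639 filter are assumptions. The two response pages are constructed so the code runs offline (placeholder GHSA ids, dates and a placeholder third entry; the CVE numbers and summaries of the first two are those of entries above). It walks the connection page by page, flattens each node into the fields the listing page shows, and keeps the non-withdrawn advisories tagged CWE-639.

```python
"""Pull GitHub advisories over GraphQL and keep the CWE-639 ones. Added example,
not GitHub's client code; token handling and the sample pages are assumptions."""
import json
import urllib.request
from typing import Callable, Iterator

# Field and argument names follow GitHub's public GraphQL schema.
ADVISORIES_QUERY = """
query($since: DateTime!, $cursor: String) {
  securityAdvisories(first: 100, publishedSince: $since, after: $cursor,
                     orderBy: {field: PUBLISHED_AT, direction: DESC}) {
    pageInfo { hasNextPage endCursor }
    nodes {
      ghsaId summary severity publishedAt withdrawnAt
      identifiers { type value }
      cwes(first: 10) { nodes { cweId } }
      vulnerabilities(first: 10) { nodes { package { ecosystem name } } }
    }
  }
}
"""


def github_fetch(token: str) -> Callable[[dict], dict]:
    """Return fetch(variables) -> decoded JSON that posts to api.github.com (live use only)."""
    def fetch(variables: dict) -> dict:
        body = json.dumps({"query": ADVISORIES_QUERY, "variables": variables}).encode()
        req = urllib.request.Request(
            "https://api.github.com/graphql", data=body, method="POST",
            headers={"Authorization": f"bearer {token}",
                     "Content-Type": "application/json"})
        with urllib.request.urlopen(req) as resp:
            return json.load(resp)
    return fetch


def iter_advisories(fetch: Callable[[dict], dict], since: str) -> Iterator[dict]:
    """Walk every page of the connection; fail loudly on GraphQL errors."""
    cursor = None
    while True:
        data = fetch({"since": since, "cursor": cursor})
        if data.get("errors"):
            raise RuntimeError(data["errors"])
        conn = data["data"]["securityAdvisories"]
        yield from conn["nodes"]
        if not conn["pageInfo"]["hasNextPage"]:
            return
        cursor = conn["pageInfo"]["endCursor"]


def normalize(node: dict) -> dict:
    """Flatten one advisory node into the fields the listing page shows."""
    cves = [i["value"] for i in node["identifiers"] if i["type"] == "CVE"]
    return {"ghsa": node["ghsaId"],
            "cve": cves[0] if cves else None,
            "severity": node["severity"],
            "withdrawn": node["withdrawnAt"] is not None,
            "cwes": [c["cweId"] for c in node["cwes"]["nodes"]],
            "packages": [f'{v["package"]["ecosystem"]}:{v["package"]["name"]}'
                         for v in node["vulnerabilities"]["nodes"]],
            "summary": node["summary"]}


def user_controlled_key_advisories(fetch: Callable[[dict], dict], since: str) -> list:
    """Non-withdrawn advisories tagged CWE-639, in the API's newest-first order."""
    return [r for r in map(normalize, iter_advisories(fetch, since))
            if "CWE-639" in r["cwes"] and not r["withdrawn"]]


# Constructed sample responses: GHSA ids and dates are placeholders.
def _node(ghsa, cve, severity, summary, cwe, eco, pkg, withdrawn=None):
    return {"ghsaId": ghsa, "summary": summary, "severity": severity,
            "publishedAt": "2024-07-01T00:00:00Z", "withdrawnAt": withdrawn,
            "identifiers": [{"type": "GHSA", "value": ghsa}, {"type": "CVE", "value": cve}],
            "cwes": {"nodes": [{"cweId": cwe}]},
            "vulnerabilities": {"nodes": [{"package": {"ecosystem": eco, "name": pkg}}]}}


def _page(nodes, next_cursor):
    return {"data": {"securityAdvisories": {
        "pageInfo": {"hasNextPage": next_cursor is not None, "endCursor": next_cursor},
        "nodes": nodes}}}


SAMPLE_PAGES = {
    None: _page([
        _node("GHSA-xxxx-xxxx-xxx1", "CVE-2024-1313", "MODERATE",
              "Grafana: Users outside an organization can delete a snapshot with its key",
              "CWE-639", "GO", "github.com/grafana/grafana"),
        _node("GHSA-xxxx-xxxx-xxx2", "CVE-2024-40430", "MODERATE",
              "Withdrawn: SFTPGo's JWT implementation lacks certain security measures",
              "CWE-639", "GO", "github.com/drakkan/sftpgo/v2", withdrawn="2024-07-25T00:00:00Z")],
        "cursor-1"),
    "cursor-1": _page([
        _node("GHSA-xxxx-xxxx-xxx3", "CVE-0000-0000", "HIGH", "placeholder, different CWE",
              "CWE-79", "NPM", "example-package")],
        None),
}


def sample_fetch(variables: dict) -> dict:
    """Stand-in for github_fetch(): serves the constructed pages by cursor."""
    return SAMPLE_PAGES[variables["cursor"]]
```

For live data pass github_fetch(token) instead of sample_fetch; public advisories need no special token scopes. This connection covers the GitHub-reviewed set, so the unreviewed entries that make up most of the list above are fetched from the REST endpoint GET /advisories instead, which accepts type=unreviewed and a cwes filter.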