GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
540 advisories
Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote...
High | Unreviewed | CVE-2022-2193 | published Jul 20, 2022

The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the...
High | Unreviewed | CVE-2021-24655 | published Jul 18, 2022

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists...
Moderate | Unreviewed | CVE-2022-1881 | published Jul 16, 2022

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object...
Moderate | Unreviewed | CVE-2022-33944 | published Jul 21, 2022

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object...
Moderate | Unreviewed | CVE-2022-34150 | published Jul 21, 2022

Authorization Bypass in parse-path
High | CVE-2022-0624 | published for parse-path (npm) | Jun 29, 2022

A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects...
Moderate | Unreviewed | CVE-2017-20101 | published Jun 28, 2022

Known v1.3.1 contains Insecure Direct Object Reference
Moderate | CVE-2022-30852 | published for idno/known (Composer) | Jul 9, 2022

This vulnerability affects users that are not even allowed to access via the web interface. First of...
Moderate | Unreviewed | CVE-2022-23173 | published Jul 7, 2022

An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass...
High | Unreviewed | CVE-2022-29008 | published May 12, 2022

Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low...
Moderate | Unreviewed | CVE-2022-31883 | published Jun 29, 2022

An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated...
High | Unreviewed | CVE-2022-31295 | published Jun 17, 2022

The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP...
High | Unreviewed | CVE-2022-1614 | published Jun 21, 2022

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016...
Moderate | Unreviewed | CVE-2022-30760 | published Jun 10, 2022

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when...
High | Unreviewed | CVE-2021-21013 | published May 24, 2022

An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to...
Moderate | Unreviewed | CVE-2022-29627 | published Jun 3, 2022

In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR...
Critical | Unreviewed | CVE-2022-30495 | published May 27, 2022

Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator
Moderate | CVE-2022-31027 | published for oauthenticator (pip) | Jun 6, 2022

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when...
High | Unreviewed | CVE-2021-21012 | published May 24, 2022

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to...
High | Unreviewed | CVE-2021-24739 | published Dec 22, 2021

The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions...
Moderate | Unreviewed | CVE-2022-3995 | published Nov 29, 2022

The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to...
Moderate | Unreviewed | CVE-2021-24800 | published Apr 26, 2022

Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6...
High | Unreviewed | CVE-2022-1459 | published Apr 26, 2022

Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to...
Moderate | Unreviewed | CVE-2022-1461 | published Apr 26, 2022

The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from...
High | Unreviewed | CVE-2022-24187 | published Nov 29, 2022
ProTip! Advisories are also available from the GraphQL API.