Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,613
NuGet
638
pip
3,210
Pub
10
RubyGems
854
Rust
817
Swift
35
Unreviewed advisories
All unreviewed
5,000+

534 advisories

Loading
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to... High Unreviewed
CVE-2023-38047 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38054 was published Jul 9, 2024
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged... Critical Unreviewed
CVE-2023-3287 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch,... Critical Unreviewed
CVE-2023-38052 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38050 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38048 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user... Critical Unreviewed
CVE-2023-38051 was published Jul 9, 2024
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes High
CVE-2024-39321 was published for github.com/traefik/traefik/v2 (Go) Jul 5, 2024
MWedl
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify... Moderate Unreviewed
CVE-2024-31898 was published Jun 30, 2024
The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in... Moderate Unreviewed
CVE-2024-5942 was published Jun 29, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS... High Unreviewed
CVE-2024-1107 was published Jun 27, 2024
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all... Moderate Unreviewed
CVE-2024-4874 was published Jun 22, 2024
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability Moderate
CVE-2024-38874 was published for jweiland/events2 (Composer) Jun 21, 2024
iusx
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference... Moderate Unreviewed
CVE-2024-5639 was published Jun 21, 2024
Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any ... Moderate Unreviewed
CVE-2023-49112 was published Jun 20, 2024
@strapi/plugin-content-manager leaks data via relations via the Admin Panel Low
CVE-2024-29181 was published for @strapi/plugin-content-manager (npm) Jun 12, 2024
felixdkatt derrickmehaffy
Bassel17 christiancp100
Authorization Bypass Through User-Controlled Key vulnerability in KiviCare.This issue affects... Moderate Unreviewed
CVE-2024-35659 was published Jun 8, 2024
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-5438 was published Jun 7, 2024
The contains an IDOR vulnerability that allows a user to comment on a private post by... Moderate Unreviewed
CVE-2024-4886 was published Jun 5, 2024
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation Moderate
GHSA-g4hp-pfvf-vm5w was published for silverstripe/framework (Composer) May 23, 2024
An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11... Moderate Unreviewed
CVE-2024-5258 was published May 23, 2024
An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across... Moderate Unreviewed
CVE-2024-5166 was published May 22, 2024
ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct... Moderate Unreviewed
CVE-2024-4843 was published May 16, 2024
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability Moderate
CVE-2024-28087 was published for org.bonitasoft.engine:bonita-server (Maven) May 15, 2024
Grafana API IDOR Moderate
CVE-2022-21713 was published for github.com/grafana/grafana (Go) May 14, 2024
ProTip! Advisories are also available from the GraphQL API