Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

308 advisories

Loading
The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete... Moderate Unreviewed
CVE-2021-24318 was published May 24, 2022
IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain... Moderate Unreviewed
CVE-2021-29773 was published May 24, 2022
In all versions of GitLab EE since version 14.1, due to an insecure direct object reference... Moderate Unreviewed
CVE-2021-39889 was published May 24, 2022
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the... Moderate Unreviewed
CVE-2021-24840 was published May 24, 2022
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to... Moderate Unreviewed
CVE-2021-3380 was published May 24, 2022
The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users... Moderate Unreviewed
CVE-2022-1580 was published Sep 20, 2022
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy ... Moderate Unreviewed
CVE-2022-2198 was published Aug 23, 2022
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.... Moderate Unreviewed
CVE-2021-37213 was published May 24, 2022
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR)... Moderate Unreviewed
CVE-2021-37215 was published May 24, 2022
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an... Moderate Unreviewed
CVE-2022-3930 was published Dec 12, 2022
Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object... Moderate Unreviewed
CVE-2022-42067 was published Oct 14, 2022
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on... Moderate Unreviewed
CVE-2022-40205 was published Nov 9, 2022
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX... Moderate Unreviewed
CVE-2022-3794 was published Dec 22, 2022
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on... Moderate Unreviewed
CVE-2022-40206 was published Nov 9, 2022
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin Moderate
CVE-2019-16546 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022
The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing... Moderate Unreviewed
CVE-2022-4097 was published Dec 12, 2022
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to... Moderate Unreviewed
CVE-2019-9921 was published May 13, 2022
In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although... Moderate Unreviewed
CVE-2022-23061 was published May 3, 2022
An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0... Moderate Unreviewed
CVE-2022-2499 was published Aug 6, 2022
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions... Moderate Unreviewed
CVE-2022-1352 was published May 12, 2022
Authorization Bypass Through User-Controlled Key in Bagisto Moderate
CVE-2019-16403 was published for bagisto/bagisto (Composer) Nov 8, 2019
IDOR can reveal execution data and logs to unauthorized user in Rundeck Moderate
CVE-2020-11009 was published for org.rundeck:rundeck (Maven) Apr 29, 2020
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network... Moderate Unreviewed
CVE-2019-9938 was published May 13, 2022
Authorization Bypass in Liferay Portal Moderate
CVE-2022-42129 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022
ProTip! Advisories are also available from the GraphQL API