GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
308 advisories
The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete...
Moderate | Unreviewed | CVE-2021-24318 was published May 24, 2022
IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain...
Moderate | Unreviewed | CVE-2021-29773 was published May 24, 2022
In all versions of GitLab EE since version 14.1, due to an insecure direct object reference...
Moderate | Unreviewed | CVE-2021-39889 was published May 24, 2022
kimai2 is vulnerable to Improper Access Control
Moderate | CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the...
Moderate | Unreviewed | CVE-2021-24840 was published May 24, 2022
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to...
Moderate | Unreviewed | CVE-2021-3380 was published May 24, 2022
The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users...
Moderate | Unreviewed | CVE-2022-1580 was published Sep 20, 2022
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy ...
Moderate | Unreviewed | CVE-2022-2198 was published Aug 23, 2022
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability....
Moderate | Unreviewed | CVE-2021-37213 was published May 24, 2022
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR)...
Moderate | Unreviewed | CVE-2021-37215 was published May 24, 2022
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an...
Moderate | Unreviewed | CVE-2022-3930 was published Dec 12, 2022
Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object...
Moderate | Unreviewed | CVE-2022-42067 was published Oct 14, 2022
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on...
Moderate | Unreviewed | CVE-2022-40205 was published Nov 9, 2022
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX...
Moderate | Unreviewed | CVE-2022-3794 was published Dec 22, 2022
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on...
Moderate | Unreviewed | CVE-2022-40206 was published Nov 9, 2022
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin
Moderate | CVE-2019-16546 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022
The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing...
Moderate | Unreviewed | CVE-2022-4097 was published Dec 12, 2022
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to...
Moderate | Unreviewed | CVE-2019-9921 was published May 13, 2022
In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although...
Moderate | Unreviewed | CVE-2022-23061 was published May 3, 2022
An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0...
Moderate | Unreviewed | CVE-2022-2499 was published Aug 6, 2022
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions...
Moderate | Unreviewed | CVE-2022-1352 was published May 12, 2022
Authorization Bypass Through User-Controlled Key in Bagisto
Moderate | CVE-2019-16403 was published for bagisto/bagisto (Composer) Nov 8, 2019
IDOR can reveal execution data and logs to unauthorized user in Rundeck
Moderate | CVE-2020-11009 was published for org.rundeck:rundeck (Maven) Apr 29, 2020
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network...
Moderate | Unreviewed | CVE-2019-9938 was published May 13, 2022
Authorization Bypass in Liferay Portal
Moderate | CVE-2022-42129 was published for com.liferay.portal:release.portal.bom (Maven) Nov 15, 2022