GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,077
Composer 4,076
Erlang 29
GitHub Actions 19
Go 1,895
Maven 5,095
npm 3,630
NuGet 638
pip 3,244
Pub 10
RubyGems 862
Rust 818
Swift 35

Unreviewed advisories

All unreviewed 228,405

CC-BY-4.0 License

Language support

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

455 advisories

Filter by severity

Sort by

Least recently updated

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... High Unreviewed

CVE-2021-36032 was published May 24, 2022

The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP... Moderate Unreviewed

CVE-2022-2877 was published Sep 17, 2022

The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address... Moderate Unreviewed

CVE-2022-2913 was published Sep 17, 2022

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles... Moderate Unreviewed

CVE-2020-14174 was published May 24, 2022

The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and... Low Unreviewed

CVE-2022-3343 was published Jan 10, 2023

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change... Critical Unreviewed

CVE-2022-38789 was published Sep 16, 2022

An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code... High Unreviewed

CVE-2019-15310 was published May 24, 2022

An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows... Moderate Unreviewed

CVE-2020-27742 was published May 24, 2022

An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >=... Moderate Unreviewed

CVE-2020-13357 was published May 24, 2022

A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software... Moderate Unreviewed

CVE-2020-26068 was published May 24, 2022

In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download... Moderate Unreviewed

CVE-2020-26178 was published May 24, 2022

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the... Moderate Unreviewed

CVE-2020-36231 was published May 24, 2022

Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. Moderate Unreviewed

CVE-2021-3813 was published Feb 10, 2022

Two authorization bypass through user-controlled key vulnerabilities in the Fortinet... Moderate Unreviewed

CVE-2020-6641 was published May 24, 2022

An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience... Moderate Unreviewed

CVE-2021-31927 was published May 24, 2022

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object... Moderate Unreviewed

CVE-2021-35337 was published May 24, 2022

The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing... Moderate Unreviewed

CVE-2021-24473 was published May 24, 2022

Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user... High Unreviewed

CVE-2021-36801 was published May 24, 2022

The employee management page of Flygo contains Insecure Direct Object Reference (IDOR)... High Unreviewed

CVE-2021-37214 was published May 24, 2022

The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.... Moderate Unreviewed

CVE-2021-37212 was published May 24, 2022

Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0... Moderate Unreviewed

CVE-2022-36284 was published Aug 6, 2022

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference... High Unreviewed

CVE-2021-22023 was published May 24, 2022

OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via... Moderate Unreviewed

CVE-2021-40352 was published May 24, 2022

The forgot password token basically just makes us capable of taking over the account of whoever... High Unreviewed

CVE-2022-3019 was published Aug 29, 2022

An insecure, direct object vulnerability in hunting/fishing license retrieval function of the ... Moderate Unreviewed

CVE-2021-33981 was published May 24, 2022

Previous 1 2 3 4 5 … 18 19 Next

ProTip! Advisories are also available from the GraphQL API

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

455 advisories