GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,076
Erlang: 29
GitHub Actions: 19
Go: 1,895
Maven: 5,000+
npm: 3,630
NuGet: 638
pip: 3,244
Pub: 10
RubyGems: 862
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
455 advisories
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
High · Unreviewed · CVE-2021-36032 was published May 24, 2022
The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly check HTTP...
Moderate · Unreviewed · CVE-2022-2877 was published Sep 17, 2022
The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address...
Moderate · Unreviewed · CVE-2022-2913 was published Sep 17, 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles...
Moderate · Unreviewed · CVE-2020-14174 was published May 24, 2022
The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and...
Low · Unreviewed · CVE-2022-3343 was published Jan 10, 2023
An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change...
Critical · Unreviewed · CVE-2022-38789 was published Sep 16, 2022
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code...
High · Unreviewed · CVE-2019-15310 was published May 24, 2022
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows...
Moderate · Unreviewed · CVE-2020-27742 was published May 24, 2022
An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >=...
Moderate · Unreviewed · CVE-2020-13357 was published May 24, 2022
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software...
Moderate · Unreviewed · CVE-2020-26068 was published May 24, 2022
In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download...
Moderate · Unreviewed · CVE-2020-26178 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the...
Moderate · Unreviewed · CVE-2020-36231 was published May 24, 2022
Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2.
Moderate · Unreviewed · CVE-2021-3813 was published Feb 10, 2022
Two authorization bypass through user-controlled key vulnerabilities in the Fortinet...
Moderate · Unreviewed · CVE-2020-6641 was published May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience...
Moderate · Unreviewed · CVE-2021-31927 was published May 24, 2022
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object...
Moderate · Unreviewed · CVE-2021-35337 was published May 24, 2022
The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing...
Moderate · Unreviewed · CVE-2021-24473 was published May 24, 2022
Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user...
High · Unreviewed · CVE-2021-36801 was published May 24, 2022
The employee management page of Flygo contains Insecure Direct Object Reference (IDOR)...
High · Unreviewed · CVE-2021-37214 was published May 24, 2022
The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability....
Moderate · Unreviewed · CVE-2021-37212 was published May 24, 2022
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0...
Moderate · Unreviewed · CVE-2022-36284 was published Aug 6, 2022
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference...
High · Unreviewed · CVE-2021-22023 was published May 24, 2022
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via...
Moderate · Unreviewed · CVE-2021-40352 was published May 24, 2022
The forgot password token basically just makes us capable of taking over the account of whoever...
High · Unreviewed · CVE-2022-3019 was published Aug 29, 2022
An insecure, direct object vulnerability in hunting/fishing license retrieval function of the ...
Moderate · Unreviewed · CVE-2021-33981 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.