Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

170 advisories

Loading
Algan Yazılım Prens Student Information System product has an authenticated Insecure Direct... High Unreviewed
CVE-2022-2808 was published Jul 6, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering... High Unreviewed
CVE-2023-6724 was published Feb 9, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED... High Unreviewed
CVE-2023-6515 was published Feb 8, 2024
Magento 2 Community Edition Access Control Bypass High
CVE-2019-7950 was published for magento/community-edition (Composer) May 24, 2022
Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder... High Unreviewed
CVE-2024-22305 was published Jan 31, 2024
HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability.  A... High Unreviewed
CVE-2023-50342 was published Jan 3, 2024
An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an... High Unreviewed
CVE-2023-45892 was published Jan 2, 2024
An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal... High Unreviewed
CVE-2023-45893 was published Jan 2, 2024
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate... High Unreviewed
CVE-2023-49251 was published Jan 9, 2024
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe... High Unreviewed
CVE-2023-51502 was published Jan 5, 2024
AsyncSSH Rogue Session Attack High
CVE-2023-46446 was published for asyncssh (pip) Nov 9, 2023
TrueSkrillor lambdafu
Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference... High Unreviewed
CVE-2023-48641 was published Dec 12, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions... High Unreviewed
CVE-2023-35914 was published Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully... High Unreviewed
CVE-2023-35916 was published Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This... High Unreviewed
CVE-2023-37871 was published Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square... High Unreviewed
CVE-2023-35876 was published Dec 20, 2023
EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object... High Unreviewed
CVE-2023-6929 was published Dec 20, 2023
Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier)... High Unreviewed
CVE-2023-38218 was published Oct 13, 2023
An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of... High Unreviewed
CVE-2023-38884 was published Nov 20, 2023
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation High
CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022
MarkLee131
In the module "Order Duplicator " Clone and Delete Existing Order" (orderduplicate) in version <=... High Unreviewed
CVE-2023-45380 was published Nov 8, 2023
An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted... High Unreviewed
CVE-2023-46478 was published Oct 31, 2023
Sensitive information disclosure and manipulation due to improper authorization. The following... High Unreviewed
CVE-2023-44206 was published Sep 27, 2023
Netmaker IDOR Allows User to Update Other User's Password High
CVE-2023-32078 was published for github.com/gravitl/netmaker (Go) Aug 25, 2023
rootxharsh iamnoooob
Improper Authorization of Index Containing Sensitive Information in GitHub repository alfio-event... High Unreviewed
CVE-2023-2260 was published Apr 24, 2023
ProTip! Advisories are also available from the GraphQL API