GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
308 advisories
Filter by severity
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully...
Moderate
Unreviewed
CVE-2023-51503
was published
Dec 31, 2023
Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to...
Moderate
Unreviewed
CVE-2023-46646
was published
Dec 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce...
Moderate
Unreviewed
CVE-2023-32747
was published
Dec 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress...
Moderate
Unreviewed
CVE-2023-47191
was published
Dec 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP...
Moderate
Unreviewed
CVE-2023-49765
was published
Dec 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple...
Moderate
Unreviewed
CVE-2023-32799
was published
Dec 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial...
Moderate
Unreviewed
CVE-2023-36520
was published
Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media...
Moderate
Unreviewed
CVE-2023-38513
was published
Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart...
Moderate
Unreviewed
CVE-2023-41796
was published
Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects...
Moderate
Unreviewed
CVE-2022-43450
was published
Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap...
Moderate
Unreviewed
CVE-2023-49812
was published
Dec 19, 2023
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to...
Moderate
Unreviewed
CVE-2023-46701
was published
Dec 12, 2023
Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view...
Moderate
Unreviewed
CVE-2023-6341
was published
Nov 30, 2023
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure...
Moderate
Unreviewed
CVE-2023-6226
was published
Nov 28, 2023
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a...
Moderate
Unreviewed
CVE-2023-33706
was published
Nov 24, 2023
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows...
Moderate
Unreviewed
CVE-2023-47316
was published
Nov 22, 2023
Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized...
Moderate
Unreviewed
CVE-2023-43900
was published
Nov 14, 2023
Moodle Cross-site Scripting vulnerability
Moderate
CVE-2023-5544
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal...
Moderate
Unreviewed
CVE-2023-41356
was published
Nov 3, 2023
The WordPress File Sharing Plugin WordPress plugin before 2.0.5 does not check authorization...
Moderate
Unreviewed
CVE-2023-4836
was published
Oct 31, 2023
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a...
Moderate
Unreviewed
CVE-2023-3869
was published
Oct 20, 2023
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a...
Moderate
Unreviewed
CVE-2023-3998
was published
Oct 20, 2023
A flaw in the TETRA authentication procecure allows a MITM adversary that can predict the MS...
Moderate
Unreviewed
CVE-2022-24400
was published
Oct 19, 2023
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post contents to be displayed...
Moderate
Unreviewed
CVE-2023-3707
was published
Oct 16, 2023
The ActivityPub WordPress plugin before 1.0.0 does not ensure that post titles to be displayed...
Moderate
Unreviewed
CVE-2023-3706
was published
Oct 16, 2023
ProTip!
Advisories are also available from the
GraphQL API