Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

308 advisories

Loading
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote... Moderate Unreviewed
CVE-2020-13998 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles... Moderate Unreviewed
CVE-2020-14174 was published May 24, 2022
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows... Moderate Unreviewed
CVE-2020-27742 was published May 24, 2022
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software... Moderate Unreviewed
CVE-2020-26068 was published May 24, 2022
An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >=... Moderate Unreviewed
CVE-2020-13357 was published May 24, 2022
In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download... Moderate Unreviewed
CVE-2020-26178 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the... Moderate Unreviewed
CVE-2020-36231 was published May 24, 2022
Magento Insecure Direct Object Reference (IDOR) in the product module Moderate
CVE-2021-21022 was published for magento/community-edition (Composer) May 24, 2022
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability... Moderate Unreviewed
CVE-2020-8297 was published May 24, 2022
The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete... Moderate Unreviewed
CVE-2021-24318 was published May 24, 2022
Two authorization bypass through user-controlled key vulnerabilities in the Fortinet... Moderate Unreviewed
CVE-2020-6641 was published May 24, 2022
Windows TCP/IP Driver Security Feature Bypass Vulnerability Moderate Unreviewed
CVE-2021-31970 was published May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience... Moderate Unreviewed
CVE-2021-31927 was published May 24, 2022
JetPack Exposure of Resource to Wrong Sphere Moderate
CVE-2021-24374 was published for automattic/jetpack (Composer) May 24, 2022
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object... Moderate Unreviewed
CVE-2021-35337 was published May 24, 2022
The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing... Moderate Unreviewed
CVE-2021-24473 was published May 24, 2022
The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.... Moderate Unreviewed
CVE-2021-37212 was published May 24, 2022
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via... Moderate Unreviewed
CVE-2021-40352 was published May 24, 2022
An insecure, direct object vulnerability in hunting/fishing license retrieval function of the ... Moderate Unreviewed
CVE-2021-33981 was published May 24, 2022
IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain... Moderate Unreviewed
CVE-2021-29773 was published May 24, 2022
Windows Key Storage Provider Security Feature Bypass Vulnerability Moderate Unreviewed
CVE-2021-38624 was published May 24, 2022
In all versions of GitLab EE since version 14.1, due to an insecure direct object reference... Moderate Unreviewed
CVE-2021-39889 was published May 24, 2022
In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed... Moderate Unreviewed
CVE-2021-36387 was published May 24, 2022
The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the... Moderate Unreviewed
CVE-2021-24840 was published May 24, 2022
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to... Moderate Unreviewed
CVE-2021-3380 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API