GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,067
Erlang: 29
GitHub Actions: 19
Go: 1,891
Maven: 5,000+
npm: 3,624
NuGet: 638
pip: 3,235
Pub: 10
RubyGems: 857
Rust: 818
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
540 advisories
Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user...
High | Unreviewed | CVE-2021-36801 was published May 24, 2022

The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability....
Moderate | Unreviewed | CVE-2021-37212 was published May 24, 2022

The employee management page of Flygo contains Insecure Direct Object Reference (IDOR)...
High | Unreviewed | CVE-2021-37214 was published May 24, 2022

Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0...
Moderate | Unreviewed | CVE-2022-36284 was published Aug 6, 2022

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference...
High | Unreviewed | CVE-2021-22023 was published May 24, 2022

OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via...
Moderate | Unreviewed | CVE-2021-40352 was published May 24, 2022

The forgot password token basically just makes us capable of taking over the account of whoever...
High | Unreviewed | CVE-2022-3019 was published Aug 29, 2022

An insecure, direct object vulnerability in hunting/fishing license retrieval function of the ...
Moderate | Unreviewed | CVE-2021-33981 was published May 24, 2022

The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message...
Moderate | Unreviewed | CVE-2022-2080 was published Aug 29, 2022

The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete...
Moderate | Unreviewed | CVE-2021-24318 was published May 24, 2022

A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An...
Critical | Unreviewed | CVE-2021-37184 was published May 24, 2022

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter...
High | Unreviewed | CVE-2021-40355 was published May 24, 2022

IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain...
Moderate | Unreviewed | CVE-2021-29773 was published May 24, 2022

ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is...
Critical | Unreviewed | CVE-2021-41301 was published May 24, 2022

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference...
Moderate | Unreviewed | CVE-2021-39889 was published May 24, 2022

Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin...
High | Unreviewed | CVE-2021-36874 was published May 24, 2022

ECOA BAS controller is vulnerable to insecure direct object references that occur when the...
High | Unreviewed | CVE-2021-41298 was published May 24, 2022

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by...
High | Unreviewed | CVE-2021-37777 was published May 24, 2022

kimai2 is vulnerable to Improper Access Control
Moderate | CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers...
High | Unreviewed | CVE-2021-41307 was published May 24, 2022

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to...
High | Unreviewed | CVE-2021-41305 was published May 24, 2022

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to...
High | Unreviewed | CVE-2021-41306 was published May 24, 2022

The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the...
Moderate | Unreviewed | CVE-2021-24840 was published May 24, 2022

Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to...
Moderate | Unreviewed | CVE-2021-3380 was published May 24, 2022

The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users...
Moderate | Unreviewed | CVE-2022-1580 was published Sep 20, 2022
ProTip! Advisories are also available from the GraphQL API