GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
540 advisories
Filter by severity
Kiuwan provides an API endpoint
/saas/rest/v1/info/application
to get information about any ...
Moderate
Unreviewed
CVE-2023-49112
was published
Jun 20, 2024
SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to...
High
Unreviewed
CVE-2024-24312
was published
May 1, 2024
Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to...
High
Unreviewed
CVE-2024-33383
was published
Apr 30, 2024
Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows...
High
Unreviewed
CVE-2024-28320
was published
Apr 29, 2024
An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially...
Critical
Unreviewed
CVE-2024-33668
was published
Apr 26, 2024
In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed...
Moderate
Unreviewed
CVE-2021-36387
was published
May 24, 2022
Windows TCP/IP Driver Security Feature Bypass Vulnerability
Moderate
Unreviewed
CVE-2021-31970
was published
May 24, 2022
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify...
Moderate
Unreviewed
CVE-2024-31898
was published
Jun 30, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS...
High
Unreviewed
CVE-2024-1107
was published
Jun 27, 2024
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all...
Moderate
Unreviewed
CVE-2024-4874
was published
Jun 22, 2024
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference...
Moderate
Unreviewed
CVE-2024-5639
was published
Jun 21, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper
Critical
CVE-2023-44981
was published
for
org.apache.zookeeper:zookeeper
(Maven)
Oct 11, 2023
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Low
CVE-2024-29181
was published
for
@strapi/plugin-content-manager
(npm)
Jun 12, 2024
EC-CUBE vulnerable to authorization bypass
Moderate
CVE-2014-0808
was published
for
ec-cube/ec-cube
(Composer)
May 17, 2022
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-5438
was published
Jun 7, 2024
The contains an IDOR vulnerability that allows a user to comment on a private post by...
Moderate
Unreviewed
CVE-2024-4886
was published
Jun 5, 2024
Duplicate Advisory: Grafana vulnerable to authorization bypass
Moderate
GHSA-mh7p-8m2f-qrm6
was published
for
github.com/grafana/grafana
(Go)
Mar 26, 2024
•
withdrawn
Authorization Bypass Through User-Controlled Key vulnerability in KiviCare.This issue affects...
Moderate
Unreviewed
CVE-2024-35659
was published
Jun 8, 2024
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
Moderate
GHSA-g4hp-pfvf-vm5w
was published
for
silverstripe/framework
(Composer)
May 23, 2024
An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11...
Moderate
Unreviewed
CVE-2024-5258
was published
May 23, 2024
An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across...
Moderate
Unreviewed
CVE-2024-5166
was published
May 22, 2024
Privilege escalation in sap/cloud-security-client-go
Critical
CVE-2023-50424
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 12, 2023
ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct...
Moderate
Unreviewed
CVE-2024-4843
was published
May 16, 2024
Grafana API IDOR
Moderate
CVE-2022-21713
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through...
High
Unreviewed
CVE-2021-36388
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API