Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

308 advisories

Loading
An indirect object reference (IDOR) in GRANDING UTime Master v9.0.7-Build:Apr 4,2023 allows... Moderate Unreviewed
CVE-2023-45393 was published Oct 13, 2023
An Insecure Direct Object Reference (IDOR) vulnerability leads to events profiles access in... Moderate Unreviewed
CVE-2023-45396 was published Oct 11, 2023
An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet... Moderate Unreviewed
CVE-2023-44249 was published Oct 10, 2023
An issue was discovered in WatchGuard EPDR 8.0.21.0002. It is possible to bypass the defensive... Moderate Unreviewed
CVE-2023-26237 was published Oct 5, 2023
Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php".... Moderate Unreviewed
CVE-2023-2544 was published Oct 3, 2023
Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could... Moderate Unreviewed
CVE-2023-32669 was published Oct 3, 2023
The QSige login SSO does not have an access control mechanism to verify whether the user... Moderate Unreviewed
CVE-2023-4101 was published Oct 3, 2023
The QSige Monitor application does not have an access control mechanism to verify whether the... Moderate Unreviewed
CVE-2023-4099 was published Oct 3, 2023
An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a... Moderate Unreviewed
CVE-2023-42334 was published Sep 20, 2023
The OData service of the S4 HANA (Manage checkbook apps) - versions 102, 103, 104, 105, 106, 107,... Moderate Unreviewed
CVE-2023-41368 was published Sep 14, 2023
Keylime registrar and (untrusted) Agent can be bypassed by an attacker Moderate
CVE-2023-38201 was published for keylime (pip) Sep 6, 2023
** UNSUPPPORTED WHEN ASSIGNED ** An IDOR vulnerability has been found in ZKTeco ZEM800 product... Moderate Unreviewed
CVE-2023-4587 was published Sep 4, 2023
The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up... Moderate Unreviewed
CVE-2023-2172 was published Aug 31, 2023
The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up... Moderate Unreviewed
CVE-2023-2173 was published Aug 31, 2023
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure... Moderate Unreviewed
CVE-2023-0689 was published Aug 31, 2023
The All Users Messenger WordPress plugin through 1.24 does not prevent non-administrator users... Moderate Unreviewed
CVE-2023-4023 was published Aug 30, 2023
The Simple Blog Card WordPress plugin before 1.32 does not ensure that posts to be displayed via... Moderate Unreviewed
CVE-2023-4036 was published Aug 30, 2023
The Simple Author Box WordPress plugin before 2.52 does not verify a user ID before outputting... Moderate Unreviewed
CVE-2023-3601 was published Aug 14, 2023
Easy!Appointments Improper Access Control vulnerability Moderate
CVE-2023-3700 was published for alextselegidis/easyappointments (Composer) Jul 17, 2023
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15... Moderate Unreviewed
CVE-2023-2190 was published Jul 13, 2023
A security defect was identified in Foundry Comments that enabled a user to discover the contents... Moderate Unreviewed
CVE-2023-30956 was published Jul 11, 2023
A security defect was discovered in Foundry job-tracker that enabled users to query metadata... Moderate Unreviewed
CVE-2023-30960 was published Jul 11, 2023
The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its... Moderate Unreviewed
CVE-2023-3219 was published Jul 10, 2023
HGiga MailSherlock has vulnerability of insufficient access control. An unauthenticated remote... Moderate Unreviewed
CVE-2023-24842 was published Jul 6, 2023
Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other... Moderate Unreviewed
CVE-2023-26428 was published Jun 20, 2023
ProTip! Advisories are also available from the GraphQL API