GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
308 advisories
The Metform Elementor Contact Form Builder for WordPress is vulnerable to Information Disclosure...
Moderate | Unreviewed | CVE-2023-0691 was published Jun 9, 2023

Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows...
Moderate | Unreviewed | CVE-2023-30216 was published May 4, 2023

The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed...
Moderate | Unreviewed | CVE-2023-1911 was published May 2, 2023

The WP FEvents Book WordPress plugin through 0.46 does not ensure that bookings to be updated...
Moderate | Unreviewed | CVE-2023-1129 was published Apr 24, 2023

An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object...
Moderate | Unreviewed | CVE-2022-45175 was published Apr 14, 2023

Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability...
Moderate | Unreviewed | CVE-2020-8297 was published May 24, 2022

Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker...
Moderate | Unreviewed | CVE-2020-5743 was published May 24, 2022

An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to...
Moderate | Unreviewed | CVE-2019-5466 was published May 24, 2022

The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip...
Moderate | Unreviewed | CVE-2020-5194 was published May 24, 2022

An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense ...
Moderate | Unreviewed | CVE-2019-19616 was published May 24, 2022

Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to...
Moderate | Unreviewed | CVE-2019-5966 was published May 24, 2022

An issue was discovered in the Ascensia Contour NEXT ONE application for iOS and Android before...
Moderate | Unreviewed | CVE-2018-18976 was published May 24, 2022

Authorization Bypass Through User-Controlled Key vulnerability in UPQODE Whizz. This issue affects...
Moderate | Unreviewed | CVE-2024-30543 was published Mar 31, 2024

** UNSUPPORTED WHEN ASSIGNED ** An IDOR vulnerability has been found in ZKTeco ZEM800 product...
Moderate | Unreviewed | CVE-2023-4587 was published Sep 4, 2023

An Insecure Direct Object Reference (IDOR) vulnerability in the Change Password feature of Subex...
Moderate | Unreviewed | CVE-2020-9384 was published May 24, 2022

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This...
Moderate | Unreviewed | CVE-2024-30513 was published Mar 29, 2024

An authorization bypass was discovered in the Carrier MASmobile Classic application through 1.16...
Moderate | Unreviewed | CVE-2023-36483 was published Mar 16, 2024

Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to...
Moderate | Unreviewed | CVE-2022-32277 was published Sep 7, 2022

The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is...
Moderate | Unreviewed | CVE-2023-6983 was published Feb 6, 2024

The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct...
Moderate | Unreviewed | CVE-2024-0366 was published Feb 6, 2024

Magento 2 Community Edition IDOR Vulnerability
Moderate | CVE-2019-7864 was published for magento/community-edition (Composer) May 24, 2022

The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0...
Moderate | Unreviewed | CVE-2023-7199 was published Jan 29, 2024

The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for...
Moderate | Unreviewed | CVE-2023-6384 was published Jan 22, 2024

Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience...
Moderate | Unreviewed | CVE-2023-7031 was published Jan 17, 2024

An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via...
Moderate | Unreviewed | CVE-2023-36235 was published Jan 17, 2024
ProTip! Advisories are also available from the GraphQL API.