Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

540 advisories

Loading
Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9... High Unreviewed
CVE-2021-24892 was published May 24, 2022
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy ... Moderate Unreviewed
CVE-2022-2198 was published Aug 23, 2022
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.... Moderate Unreviewed
CVE-2021-37213 was published May 24, 2022
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR)... Moderate Unreviewed
CVE-2021-37215 was published May 24, 2022
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for... High Unreviewed
CVE-2021-24562 was published May 24, 2022
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an... Moderate Unreviewed
CVE-2022-3930 was published Dec 12, 2022
Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object... Moderate Unreviewed
CVE-2022-42067 was published Oct 14, 2022
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on... Moderate Unreviewed
CVE-2022-40205 was published Nov 9, 2022
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various... High Unreviewed
CVE-2022-3805 was published Dec 22, 2022
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX... Moderate Unreviewed
CVE-2022-3794 was published Dec 22, 2022
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on... Moderate Unreviewed
CVE-2022-40206 was published Nov 9, 2022
WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted... High Unreviewed
CVE-2022-36539 was published Sep 8, 2022
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin Moderate
CVE-2019-16546 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022
The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as... High Unreviewed
CVE-2022-3846 was published Dec 5, 2022
The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing... Moderate Unreviewed
CVE-2022-4097 was published Dec 12, 2022
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to... Moderate Unreviewed
CVE-2019-9921 was published May 13, 2022
In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although... Moderate Unreviewed
CVE-2022-23061 was published May 3, 2022
LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure... High Unreviewed
CVE-2022-28986 was published May 11, 2022
An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0... Moderate Unreviewed
CVE-2022-2499 was published Aug 6, 2022
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to... High Unreviewed
CVE-2022-2367 was published Aug 9, 2022
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions... Moderate Unreviewed
CVE-2022-1352 was published May 12, 2022
Authorization Bypass Through User-Controlled Key in Bagisto Moderate
CVE-2019-16403 was published for bagisto/bagisto (Composer) Nov 8, 2019
IDOR can reveal execution data and logs to unauthorized user in Rundeck Moderate
CVE-2020-11009 was published for org.rundeck:rundeck (Maven) Apr 29, 2020
Machine-In-The-Middle in lix High
CVE-2020-10800 was published for lix (npm) Apr 16, 2020
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network... Moderate Unreviewed
CVE-2019-9938 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API