GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
169 advisories
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU...
High | Unreviewed | CVE-2021-20599 was published May 24, 2022

In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through...
High | Unreviewed | CVE-2021-36388 was published May 24, 2022

In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an...
High | Unreviewed | CVE-2021-36389 was published May 24, 2022

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by...
High | Unreviewed | CVE-2021-37777 was published May 24, 2022

ECOA BAS controller is vulnerable to insecure direct object references that occur when the...
High | Unreviewed | CVE-2021-41298 was published May 24, 2022

Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin...
High | Unreviewed | CVE-2021-36874 was published May 24, 2022

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter...
High | Unreviewed | CVE-2021-40355 was published May 24, 2022

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
High | Unreviewed | CVE-2021-36032 was published May 24, 2022

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference...
High | Unreviewed | CVE-2021-22023 was published May 24, 2022

The employee management page of Flygo contains Insecure Direct Object Reference (IDOR)...
High | Unreviewed | CVE-2021-37214 was published May 24, 2022

Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user...
High | Unreviewed | CVE-2021-36801 was published May 24, 2022

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when...
High | Unreviewed | CVE-2021-21013 was published May 24, 2022

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when...
High | Unreviewed | CVE-2021-21012 was published May 24, 2022

An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code...
High | Unreviewed | CVE-2019-15310 was published May 24, 2022

acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
High | CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022

An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin...
High | Unreviewed | CVE-2019-17050 was published May 24, 2022

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows...
High | Unreviewed | CVE-2019-14724 was published May 24, 2022

The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to...
High | Unreviewed | CVE-2019-14932 was published May 24, 2022

Magento 2 Community Edition Access Control Bypass
High | CVE-2019-7950 was published for magento/community-edition (Composer) May 24, 2022

Magento 2 Community Edition IDOR Vulnerability
High | CVE-2019-7890 was published for magento/community-edition (Composer) May 24, 2022

Magento 2 Community Edition IDOR Vulnerability
High | CVE-2019-7854 was published for magento/community-edition (Composer) May 24, 2022

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can...
High | Unreviewed | CVE-2019-13605 was published May 24, 2022

In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL...
High | Unreviewed | CVE-2019-13337 was published May 24, 2022

An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 ...
High | Unreviewed | CVE-2019-12782 was published May 24, 2022

Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account,...
High | Unreviewed | CVE-2019-12742 was published May 24, 2022

ProTip! Advisories are also available from the GraphQL API