Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

170 advisories

Loading
Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz... High Unreviewed
CVE-2022-43492 was published Jul 6, 2023
NGINX Management Suite may allow an authenticated attacker to gain access to configuration... High Unreviewed
CVE-2023-28656 was published Jul 6, 2023
An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24... High Unreviewed
CVE-2023-0985 was published Jul 6, 2023
The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in... High Unreviewed
CVE-2023-3105 was published Jul 12, 2023
The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass... High Unreviewed
CVE-2023-3525 was published Jul 12, 2023
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference... High Unreviewed
CVE-2023-38257 was published Jul 18, 2023
Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a... High Unreviewed
CVE-2023-37543 was published Aug 10, 2023
An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH... High Unreviewed
CVE-2023-28481 was published Aug 14, 2023
SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to... High Unreviewed
CVE-2020-10130 was published Sep 6, 2023
The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object... High Unreviewed
CVE-2023-4213 was published Sep 13, 2023
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')... High Unreviewed
CVE-2023-4934 was published Sep 27, 2023
Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA... High Unreviewed
CVE-2022-24401 was published Oct 19, 2023
Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows... High Unreviewed
CVE-2023-6523 was published Apr 5, 2024
A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7.... High Unreviewed
CVE-2023-6317 was published Apr 9, 2024
Magento Improper input validation vulnerability High
CVE-2022-42344 was published for magento/community-edition (Composer) Oct 20, 2022
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU... High Unreviewed
CVE-2021-20599 was published May 24, 2022
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could... High Unreviewed
CVE-2024-4538 was published May 7, 2024
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could... High Unreviewed
CVE-2024-4537 was published May 7, 2024
An authorization bypass through user-controlled key vulnerability [CWE-639] in... High Unreviewed
CVE-2023-40720 was published May 14, 2024
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through... High Unreviewed
CVE-2021-36388 was published May 24, 2022
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an... High Unreviewed
CVE-2021-36389 was published May 24, 2022
Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS... High Unreviewed
CVE-2024-1107 was published Jun 27, 2024
Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows... High Unreviewed
CVE-2024-28320 was published Apr 29, 2024
Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to... High Unreviewed
CVE-2024-33383 was published Apr 30, 2024
SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to... High Unreviewed
CVE-2024-24312 was published May 1, 2024
ProTip! Advisories are also available from the GraphQL API