GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
170 advisories
Filter by severity
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to...
High
Unreviewed
CVE-2023-38047
was published
Jul 9, 2024
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged...
High
Unreviewed
CVE-2023-3286
was published
Jul 9, 2024
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user ...
High
Unreviewed
CVE-2023-3288
was published
Jul 9, 2024
A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment...
High
Unreviewed
CVE-2023-3285
was published
Jul 9, 2024
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any...
High
Unreviewed
CVE-2023-3289
was published
Jul 9, 2024
Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control...
High
Unreviewed
CVE-2024-32166
was published
Apr 19, 2024
NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request...
High
Unreviewed
CVE-2024-38447
was published
Jul 17, 2024
The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19...
High
Unreviewed
CVE-2022-41479
was published
Oct 18, 2022
Sylius has a security vulnerability via adjustments API endpoint
High
CVE-2024-40633
was published
for
sylius/sylius
(Composer)
Jul 17, 2024
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes
High
CVE-2024-39321
was published
for
github.com/traefik/traefik/v2
(Go)
Jul 5, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe...
High
Unreviewed
CVE-2024-43315
was published
Aug 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product...
High
Unreviewed
CVE-2024-42463
was published
Aug 16, 2024
Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product...
High
Unreviewed
CVE-2024-42464
was published
Aug 16, 2024
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege...
High
Unreviewed
CVE-2024-8428
was published
Sep 6, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub...
High
Unreviewed
CVE-2024-3306
was published
Sep 12, 2024
A bug in the 9p authentication implementation within lib9p allows an attacker with an existing...
High
Unreviewed
CVE-2024-8158
was published
Aug 26, 2024
This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to...
High
Unreviewed
CVE-2024-8601
was published
Sep 9, 2024
Sentry improperly authorizes muting of alert rules
High
CVE-2024-45606
was published
for
sentry
(pip)
Sep 17, 2024
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its...
High
Unreviewed
CVE-2024-45786
was published
Sep 11, 2024
ProTip!
Advisories are also available from the
GraphQL API