Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,067
Erlang
29
GitHub Actions
19
Go
1,891
Maven
5,000+
npm
3,624
NuGet
638
pip
3,235
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

50 advisories

Loading
A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5),... Critical Unreviewed
CVE-2024-45032 was published Sep 10, 2024
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-8292 was published Sep 6, 2024
Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain... Critical Unreviewed
CVE-2024-27730 was published Aug 15, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Ricard Torres Thumbs Rating... Critical Unreviewed
CVE-2024-31095 was published Mar 31, 2024
Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer... Critical Unreviewed
CVE-2024-5619 was published Jul 18, 2024
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user... Critical Unreviewed
CVE-2023-38051 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38048 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38050 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to... Critical Unreviewed
CVE-2023-38053 was published Jul 9, 2024
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged... Critical Unreviewed
CVE-2023-3287 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch,... Critical Unreviewed
CVE-2023-38052 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38054 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged... Critical Unreviewed
CVE-2023-38049 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38055 was published Jul 9, 2024
An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially... Critical Unreviewed
CVE-2024-33668 was published Apr 26, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper Critical
CVE-2023-44981 was published for org.apache.zookeeper:zookeeper (Maven) Oct 11, 2023
Privilege escalation in sap/cloud-security-client-go Critical
CVE-2023-50424 was published for github.com/sap/cloud-security-client-go (Go) Dec 12, 2023
Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows... Critical Unreviewed
CVE-2023-3048 was published Jun 13, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows... Critical Unreviewed
CVE-2023-2958 was published Jul 17, 2023
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is... Critical Unreviewed
CVE-2023-2276 was published Jul 6, 2023
EasyTor Applications – Authorization Bypass - EasyTor Applications may allow authorization... Critical Unreviewed
CVE-2023-31182 was published Jul 6, 2023
Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers... Critical Unreviewed
CVE-2023-37242 was published Jul 6, 2023
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR... Critical Unreviewed
CVE-2022-36247 was published May 30, 2023
Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by... Critical Unreviewed
CVE-2023-2713 was published May 20, 2023
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has... Critical Unreviewed
CVE-2020-16088 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API