Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

255 advisories

Loading
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed
CVE-2019-14721 was published May 24, 2022
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access... Moderate Unreviewed
CVE-2022-26254 was published Mar 28, 2022
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony... Moderate Unreviewed
CVE-2022-27108 was published Apr 7, 2022
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an... Moderate Unreviewed
CVE-2022-29287 was published Apr 17, 2022
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to... Moderate Unreviewed
CVE-2022-1461 was published Apr 26, 2022
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to... Moderate Unreviewed
CVE-2021-24800 was published Apr 26, 2022
The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions... Moderate Unreviewed
CVE-2022-3995 was published Nov 29, 2022
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to... Moderate Unreviewed
CVE-2022-29627 was published Jun 3, 2022
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016... Moderate Unreviewed
CVE-2022-30760 was published Jun 10, 2022
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low... Moderate Unreviewed
CVE-2022-31883 was published Jun 29, 2022
this vulnerability affect user that even not allowed to access via the web interface. First of... Moderate Unreviewed
CVE-2022-23173 was published Jul 7, 2022
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects... Moderate Unreviewed
CVE-2017-20101 was published Jun 28, 2022
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object... Moderate Unreviewed
CVE-2022-33944 was published Jul 21, 2022
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object... Moderate Unreviewed
CVE-2022-34150 was published Jul 21, 2022
In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists... Moderate Unreviewed
CVE-2022-1881 was published Jul 16, 2022
The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from... Moderate Unreviewed
CVE-2022-1613 was published Sep 27, 2022
Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master... Moderate Unreviewed
CVE-2021-36865 was published Oct 1, 2022
The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP... Moderate Unreviewed
CVE-2022-1600 was published Aug 2, 2022
The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the... Moderate Unreviewed
CVE-2022-4239 was published Dec 26, 2022
Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR)... Moderate Unreviewed
CVE-2022-34621 was published Aug 20, 2022
Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0... Moderate Unreviewed
CVE-2022-29434 was published May 21, 2022
In affected versions of Octopus Server it is possible to reveal information about teams via the... Moderate Unreviewed
CVE-2022-2828 was published Oct 13, 2022
Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An... Moderate Unreviewed
CVE-2022-38765 was published Dec 9, 2022
The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a... Moderate Unreviewed
CVE-2022-2535 was published Aug 16, 2022
A vulnerability, which was classified as problematic, has been found in Click Studios... Moderate Unreviewed
CVE-2022-3876 was published Dec 19, 2022
ProTip! Advisories are also available from the GraphQL API