GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
309 advisories
Filter by severity
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote...
Moderate
Unreviewed
CVE-2020-13998
was published
May 24, 2022
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
Moderate
CVE-2024-38874
was published
for
jweiland/events2
(Composer)
Jun 21, 2024
Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence.
Moderate
Unreviewed
CVE-2024-6357
was published
Aug 6, 2024
Grafana: Users outside an organization can delete a snapshot with its key
Moderate
CVE-2024-1313
was published
for
github.com/grafana/grafana
(Go)
Apr 5, 2024
OpenSearch Observability does not properly restrict access to private tenant resources
Moderate
CVE-2024-39901
was published
for
org.opensearch.plugin:opensearch-observability
(Maven)
Jul 10, 2024
The OpenSearch reporting plugin improperly controls tenancy access to reporting resources
Moderate
CVE-2024-39900
was published
for
org.opensearch.plugin:opensearch-reports-scheduler
(Maven)
Jul 18, 2024
A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior...
Moderate
Unreviewed
CVE-2024-3035
was published
Aug 8, 2024
Cache driver GetBlob() allows read access to any blob without access control check
Moderate
CVE-2024-39897
was published
for
zotregistry.dev/zot
(Go)
Jul 9, 2024
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows...
Moderate
Unreviewed
CVE-2024-39642
was published
Aug 13, 2024
A vulnerability, which was classified as problematic, has been found in projectsend up to r1605....
Moderate
Unreviewed
CVE-2024-7658
was published
Aug 12, 2024
Improper key usage control in AMD Secure Processor
(ASP) may allow an attacker with local access...
Moderate
Unreviewed
CVE-2024-21981
was published
Aug 13, 2024
The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate
Unreviewed
CVE-2023-7049
was published
Aug 16, 2024
An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2023-51141
was published
Apr 11, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Masteriyo Masteriyo - LMS.This...
Moderate
Unreviewed
CVE-2024-43239
was published
Aug 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in WP Job Portal.This issue...
Moderate
Unreviewed
CVE-2024-43266
was published
Aug 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum.This...
Moderate
Unreviewed
CVE-2024-43288
was published
Aug 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project...
Moderate
Unreviewed
CVE-2024-43322
was published
Aug 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Propovoice Propovoice CRM.This...
Moderate
Unreviewed
CVE-2024-43350
was published
Aug 19, 2024
Improper access control in Directus
Moderate
CVE-2024-6534
was published
for
directus
(npm)
Aug 15, 2024
The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-7848
was published
Aug 22, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project...
Moderate
Unreviewed
CVE-2024-43916
was published
Aug 26, 2024
Directus has an insecure object reference via PATH presets
Moderate
GHSA-3fff-gqw3-vj86
was published
for
directus
(npm)
Aug 27, 2024
"powermail" (powermail) Insecure Direct Object Reference (IDOR)
Moderate
CVE-2024-45232
was published
for
in2code/powermail
(Composer)
Aug 29, 2024
An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view...
Moderate
Unreviewed
CVE-2024-40395
was published
Aug 27, 2024
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure...
Moderate
Unreviewed
CVE-2024-8123
was published
Sep 4, 2024
ProTip!
Advisories are also available from the
GraphQL API