GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
151 advisories
Filter by severity
An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any...
High
Unreviewed
CVE-2022-33077
was published
Oct 19, 2022
The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19...
High
Unreviewed
CVE-2022-41479
was published
Oct 18, 2022
WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted...
High
Unreviewed
CVE-2022-36539
was published
Sep 8, 2022
The forgot password token basically just makes us capable of taking over the account of whoever...
High
Unreviewed
CVE-2022-3019
was published
Aug 29, 2022
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to...
High
Unreviewed
CVE-2022-2367
was published
Aug 9, 2022
Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote...
High
Unreviewed
CVE-2022-2193
was published
Jul 20, 2022
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the...
High
Unreviewed
CVE-2021-24655
was published
Jul 18, 2022
The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP...
High
Unreviewed
CVE-2022-1614
was published
Jun 21, 2022
An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated...
High
Unreviewed
CVE-2022-31295
was published
Jun 17, 2022
The iQ Block Country WordPress plugin through 1.2.13 does not properly checks HTTP headers in...
High
Unreviewed
CVE-2022-1762
was published
Jun 14, 2022
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for...
High
Unreviewed
CVE-2021-24562
was published
May 24, 2022
Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9...
High
Unreviewed
CVE-2021-24892
was published
May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to...
High
Unreviewed
CVE-2021-41305
was published
May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to...
High
Unreviewed
CVE-2021-41306
was published
May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers...
High
Unreviewed
CVE-2021-41307
was published
May 24, 2022
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU...
High
Unreviewed
CVE-2021-20599
was published
May 24, 2022
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through...
High
Unreviewed
CVE-2021-36388
was published
May 24, 2022
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an...
High
Unreviewed
CVE-2021-36389
was published
May 24, 2022
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by...
High
Unreviewed
CVE-2021-37777
was published
May 24, 2022
ECOA BAS controller is vulnerable to insecure direct object references that occur when the...
High
Unreviewed
CVE-2021-41298
was published
May 24, 2022
Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin...
High
Unreviewed
CVE-2021-36874
was published
May 24, 2022
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter...
High
Unreviewed
CVE-2021-40355
was published
May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
High
Unreviewed
CVE-2021-36032
was published
May 24, 2022
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference...
High
Unreviewed
CVE-2021-22023
was published
May 24, 2022
The employee management page of Flygo contains Insecure Direct Object Reference (IDOR)...
High
Unreviewed
CVE-2021-37214
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API