GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
280 advisories
Filter by severity
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows...
Moderate
Unreviewed
CVE-2019-14721
was published
May 24, 2022
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access...
Moderate
Unreviewed
CVE-2022-26254
was published
Mar 28, 2022
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony...
Moderate
Unreviewed
CVE-2022-27108
was published
Apr 7, 2022
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an...
Moderate
Unreviewed
CVE-2022-29287
was published
Apr 17, 2022
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to...
Moderate
Unreviewed
CVE-2022-1461
was published
Apr 26, 2022
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to...
Moderate
Unreviewed
CVE-2021-24800
was published
Apr 26, 2022
The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions...
Moderate
Unreviewed
CVE-2022-3995
was published
Nov 29, 2022
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to...
Moderate
Unreviewed
CVE-2022-29627
was published
Jun 3, 2022
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016...
Moderate
Unreviewed
CVE-2022-30760
was published
Jun 10, 2022
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low...
Moderate
Unreviewed
CVE-2022-31883
was published
Jun 29, 2022
this vulnerability affect user that even not allowed to access via the web interface. First of...
Moderate
Unreviewed
CVE-2022-23173
was published
Jul 7, 2022
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects...
Moderate
Unreviewed
CVE-2017-20101
was published
Jun 28, 2022
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object...
Moderate
Unreviewed
CVE-2022-33944
was published
Jul 21, 2022
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object...
Moderate
Unreviewed
CVE-2022-34150
was published
Jul 21, 2022
In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists...
Moderate
Unreviewed
CVE-2022-1881
was published
Jul 16, 2022
The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from...
Moderate
Unreviewed
CVE-2022-1613
was published
Sep 27, 2022
Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master...
Moderate
Unreviewed
CVE-2021-36865
was published
Oct 1, 2022
The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP...
Moderate
Unreviewed
CVE-2022-1600
was published
Aug 2, 2022
The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the...
Moderate
Unreviewed
CVE-2022-4239
was published
Dec 26, 2022
Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR)...
Moderate
Unreviewed
CVE-2022-34621
was published
Aug 20, 2022
Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0...
Moderate
Unreviewed
CVE-2022-29434
was published
May 21, 2022
In affected versions of Octopus Server it is possible to reveal information about teams via the...
Moderate
Unreviewed
CVE-2022-2828
was published
Oct 13, 2022
Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An...
Moderate
Unreviewed
CVE-2022-38765
was published
Dec 9, 2022
The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a...
Moderate
Unreviewed
CVE-2022-2535
was published
Aug 16, 2022
A vulnerability, which was classified as problematic, has been found in Click Studios...
Moderate
Unreviewed
CVE-2022-3876
was published
Dec 19, 2022
ProTip!
Advisories are also available from the
GraphQL API