GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
321 advisories
Filter by severity
The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate
Unreviewed
CVE-2023-7049
was published
Aug 16, 2024
Improper access control in Directus
Moderate
CVE-2024-6534
was published
for
directus
(npm)
Aug 15, 2024
Improper key usage control in AMD Secure Processor
(ASP) may allow an attacker with local access...
Moderate
Unreviewed
CVE-2024-21981
was published
Aug 13, 2024
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows...
Moderate
Unreviewed
CVE-2024-39642
was published
Aug 13, 2024
A vulnerability, which was classified as problematic, has been found in projectsend up to r1605....
Moderate
Unreviewed
CVE-2024-7658
was published
Aug 12, 2024
A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior...
Moderate
Unreviewed
CVE-2024-3035
was published
Aug 8, 2024
Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence.
Moderate
Unreviewed
CVE-2024-6357
was published
Aug 6, 2024
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic....
Moderate
Unreviewed
CVE-2024-7438
was published
Aug 3, 2024
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4....
Moderate
Unreviewed
CVE-2024-7437
was published
Aug 3, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects...
Moderate
Unreviewed
CVE-2024-38701
was published
Jul 22, 2024
On versions before 2.1.4, after a regular user successfully logs in, they can manually make a...
Moderate
Unreviewed
CVE-2024-34457
was published
Jul 22, 2024
Withdrawn: SFTPGo's JWT implmentation lacks certain security measures
Moderate
CVE-2024-40430
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Jul 22, 2024
•
withdrawn
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-5977
was published
Jul 19, 2024
The OpenSearch reporting plugin improperly controls tenancy access to reporting resources
Moderate
CVE-2024-39900
was published
for
org.opensearch.plugin:opensearch-reports-scheduler
(Maven)
Jul 18, 2024
OpenSearch Observability does not properly restrict access to private tenant resources
Moderate
CVE-2024-39901
was published
for
org.opensearch.plugin:opensearch-observability
(Maven)
Jul 10, 2024
Cache driver GetBlob() allows read access to any blob without access control check
Moderate
CVE-2024-39897
was published
for
zotregistry.dev/zot
(Go)
Jul 9, 2024
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and...
Moderate
Unreviewed
CVE-2024-21759
was published
Jul 9, 2024
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged...
Moderate
Unreviewed
CVE-2023-3290
was published
Jul 9, 2024
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify...
Moderate
Unreviewed
CVE-2024-31898
was published
Jun 30, 2024
The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in...
Moderate
Unreviewed
CVE-2024-5942
was published
Jun 29, 2024
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all...
Moderate
Unreviewed
CVE-2024-4874
was published
Jun 22, 2024
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
Moderate
CVE-2024-38874
was published
for
jweiland/events2
(Composer)
Jun 21, 2024
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference...
Moderate
Unreviewed
CVE-2024-5639
was published
Jun 21, 2024
Kiuwan provides an API endpoint
/saas/rest/v1/info/application
to get information about any ...
Moderate
Unreviewed
CVE-2023-49112
was published
Jun 20, 2024
Authorization Bypass Through User-Controlled Key vulnerability in KiviCare.This issue affects...
Moderate
Unreviewed
CVE-2024-35659
was published
Jun 8, 2024
ProTip!
Advisories are also available from the
GraphQL API