GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
179 advisories
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the...
High | Unreviewed | CVE-2021-24655 was published Jul 18, 2022

Authorization Bypass in parse-path
High | CVE-2022-0624 was published for parse-path (npm) Jun 29, 2022

The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP...
High | Unreviewed | CVE-2022-1614 was published Jun 21, 2022

An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated...
High | Unreviewed | CVE-2022-31295 was published Jun 17, 2022

The iQ Block Country WordPress plugin through 1.2.13 does not properly checks HTTP headers in...
High | Unreviewed | CVE-2022-1762 was published Jun 14, 2022

The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for...
High | Unreviewed | CVE-2021-24562 was published May 24, 2022

Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9...
High | Unreviewed | CVE-2021-24892 was published May 24, 2022

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to...
High | Unreviewed | CVE-2021-41305 was published May 24, 2022

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to...
High | Unreviewed | CVE-2021-41306 was published May 24, 2022

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers...
High | Unreviewed | CVE-2021-41307 was published May 24, 2022

Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU...
High | Unreviewed | CVE-2021-20599 was published May 24, 2022

In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an...
High | Unreviewed | CVE-2021-36389 was published May 24, 2022

In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through...
High | Unreviewed | CVE-2021-36388 was published May 24, 2022

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by...
High | Unreviewed | CVE-2021-37777 was published May 24, 2022

ECOA BAS controller is vulnerable to insecure direct object references that occur when the...
High | Unreviewed | CVE-2021-41298 was published May 24, 2022

Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin...
High | Unreviewed | CVE-2021-36874 was published May 24, 2022

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter...
High | Unreviewed | CVE-2021-40355 was published May 24, 2022

Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are...
High | Unreviewed | CVE-2021-36032 was published May 24, 2022

The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference...
High | Unreviewed | CVE-2021-22023 was published May 24, 2022

The employee management page of Flygo contains Insecure Direct Object Reference (IDOR)...
High | Unreviewed | CVE-2021-37214 was published May 24, 2022

Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user...
High | Unreviewed | CVE-2021-36801 was published May 24, 2022

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when...
High | Unreviewed | CVE-2021-21012 was published May 24, 2022

Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when...
High | Unreviewed | CVE-2021-21013 was published May 24, 2022

An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code...
High | Unreviewed | CVE-2019-15310 was published May 24, 2022

acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
High | CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022