GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,133
Erlang
29
GitHub Actions
19
Go
1,940
Maven
5,000+
npm
3,677
NuGet
645
pip
3,295
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
57 advisories
Filter by severity
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for...
Critical
Unreviewed
CVE-2024-9263
was published
Oct 17, 2024
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary...
Critical
Unreviewed
CVE-2024-9862
was published
Oct 17, 2024
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via...
Critical
Unreviewed
CVE-2024-8485
was published
Sep 25, 2024
The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin...
Critical
Unreviewed
CVE-2024-8791
was published
Sep 24, 2024
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties...
Critical
Unreviewed
CVE-2024-46937
was published
Sep 16, 2024
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the...
Critical
Unreviewed
CVE-2024-27113
was published
Sep 11, 2024
A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5),...
Critical
Unreviewed
CVE-2024-45032
was published
Sep 10, 2024
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to...
Critical
Unreviewed
CVE-2024-8292
was published
Sep 6, 2024
Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain...
Critical
Unreviewed
CVE-2024-27730
was published
Aug 15, 2024
Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer...
Critical
Unreviewed
CVE-2024-5619
was published
Jul 18, 2024
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged...
Critical
Unreviewed
CVE-2023-3287
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch,...
Critical
Unreviewed
CVE-2023-38052
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged...
Critical
Unreviewed
CVE-2023-38049
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38054
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38048
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38050
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38055
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38053
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user...
Critical
Unreviewed
CVE-2023-38051
was published
Jul 9, 2024
An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary,...
Critical
Unreviewed
CVE-2024-5128
was published
Jun 6, 2024
An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially...
Critical
Unreviewed
CVE-2024-33668
was published
Apr 26, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Ricard Torres Thumbs Rating...
Critical
Unreviewed
CVE-2024-31095
was published
Mar 31, 2024
Authorization Bypass Through User-Controlled Key in go-zero
Critical
CVE-2024-27302
was published
for
github.com/zeromicro/go-zero
(Go)
Mar 4, 2024
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Critical
CVE-2024-22206
was published
for
@clerk/nextjs
(npm)
Jan 12, 2024
Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go
Critical
GHSA-92cg-ghq6-9587
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 12, 2023
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API