GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
321 advisories
A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue...
Moderate | Unreviewed | CVE-2024-10121 was published Oct 18, 2024

Dell E-Lab Navigator, [3.1.9, 3.2.0], contains an Insecure Direct Object Reference Vulnerability...
Moderate | Unreviewed | CVE-2024-22455 was published Oct 16, 2024

The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference...
Moderate | Unreviewed | CVE-2023-7286 was published Oct 16, 2024

A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303...
Moderate | Unreviewed | CVE-2024-9554 was published Oct 6, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon...
Moderate | Unreviewed | CVE-2024-47316 was published Oct 5, 2024

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series...
Moderate | Unreviewed | CVE-2024-20513 was published Oct 2, 2024

A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been...
Moderate | Unreviewed | CVE-2024-9298 was published Sep 28, 2024

IDOR vulnerability in account profile page
Moderate | CVE-2024-39319 was published for aimeos/ai-controller-frontend (Composer) Sep 26, 2024

Puma's header normalization allows for client to clobber proxy set headers
Moderate | CVE-2024-45614 was published for puma (RubyGems) Sep 20, 2024

Sentry improperly authorizes deletion of user issue alert notifications
Moderate | CVE-2024-45605 was published for sentry (pip) Sep 17, 2024

powermail TYPO3 extension has Insecure Direct Object Reference
Moderate | CVE-2024-47047 was published for in2code/powermail (Composer) Sep 17, 2024

The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all...
Moderate | Unreviewed | CVE-2022-3459 was published Sep 16, 2024

An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object...
Moderate | Unreviewed | CVE-2024-25270 was published Sep 12, 2024

An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer...
Moderate | Unreviewed | CVE-2023-44254 was published Sep 10, 2024

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure...
Moderate | Unreviewed | CVE-2024-8123 was published Sep 4, 2024

"powermail" (powermail) Insecure Direct Object Reference (IDOR)
Moderate | CVE-2024-45232 was published for in2code/powermail (Composer) Aug 29, 2024

Directus has an insecure object reference via PATH presets
Moderate | GHSA-3fff-gqw3-vj86 was published for directus (npm) Aug 27, 2024

An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view...
Moderate | Unreviewed | CVE-2024-40395 was published Aug 27, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project...
Moderate | Unreviewed | CVE-2024-43916 was published Aug 26, 2024

The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2024-7848 was published Aug 22, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project...
Moderate | Unreviewed | CVE-2024-43322 was published Aug 19, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Propovoice Propovoice CRM. This...
Moderate | Unreviewed | CVE-2024-43350 was published Aug 19, 2024

Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum. This...
Moderate | Unreviewed | CVE-2024-43288 was published Aug 19, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Masteriyo Masteriyo - LMS. This...
Moderate | Unreviewed | CVE-2024-43239 was published Aug 19, 2024

Authorization Bypass Through User-Controlled Key vulnerability in WP Job Portal. This issue...
Moderate | Unreviewed | CVE-2024-43266 was published Aug 19, 2024

ProTip! Advisories are also available from the GraphQL API.