GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
209 advisories
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions...
High | Unreviewed | CVE-2024-9687 was published Oct 15, 2024

An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated...
High | Unreviewed | CVE-2024-47495 was published Oct 11, 2024

This vulnerability exists in the Shilpi Net Back Office due to improper access controls on...
High | Unreviewed | CVE-2024-47657 was published Oct 4, 2024

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible...
High | Unreviewed | CVE-2024-8290 was published Sep 25, 2024

Sentry improperly authorizes muting of alert rules
High | CVE-2024-45606 was published for sentry (pip) Sep 17, 2024

Sentry improperly authorizes deletion of user issue alert notifications
High | CVE-2024-45605 was published for sentry (pip) Sep 17, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub...
High | Unreviewed | CVE-2024-3306 was published Sep 12, 2024

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its...
High | Unreviewed | CVE-2024-45786 was published Sep 11, 2024

This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to...
High | Unreviewed | CVE-2024-8601 was published Sep 9, 2024

The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege...
High | Unreviewed | CVE-2024-8428 was published Sep 6, 2024

A bug in the 9p authentication implementation within lib9p allows an attacker with an existing...
High | Unreviewed | CVE-2024-8158 was published Aug 26, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe...
High | Unreviewed | CVE-2024-43315 was published Aug 19, 2024

Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product...
High | Unreviewed | CVE-2024-42464 was published Aug 16, 2024

Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product...
High | Unreviewed | CVE-2024-42463 was published Aug 16, 2024

NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request...
High | Unreviewed | CVE-2024-38447 was published Jul 17, 2024

Sylius has a security vulnerability via adjustments API endpoint
High | CVE-2024-40633 was published for sylius/sylius (Composer) Jul 17, 2024

A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged...
High | Unreviewed | CVE-2023-3286 was published Jul 9, 2024

A BOLA vulnerability in POST /services allows a low privileged user to create a service for any...
High | Unreviewed | CVE-2023-3289 was published Jul 9, 2024

A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to...
High | Unreviewed | CVE-2023-38047 was published Jul 9, 2024

A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user ...
High | Unreviewed | CVE-2023-3288 was published Jul 9, 2024

A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment...
High | Unreviewed | CVE-2023-3285 was published Jul 9, 2024

Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes
High | CVE-2024-39321 was published for github.com/traefik/traefik/v2 (Go) Jul 5, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS...
High | Unreviewed | CVE-2024-1107 was published Jun 27, 2024

An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including...
High | Unreviewed | CVE-2024-5130 was published Jun 6, 2024
ProTip! Advisories are also available from the GraphQL API