Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

209 advisories

Loading
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference... High Unreviewed
CVE-2021-22023 was published May 24, 2022
The forgot password token basically just makes us capable of taking over the account of whoever... High Unreviewed
CVE-2022-3019 was published Aug 29, 2022
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter... High Unreviewed
CVE-2021-40355 was published May 24, 2022
Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin... High Unreviewed
CVE-2021-36874 was published May 24, 2022
ECOA BAS controller is vulnerable to insecure direct object references that occur when the... High Unreviewed
CVE-2021-41298 was published May 24, 2022
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by... High Unreviewed
CVE-2021-37777 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers... High Unreviewed
CVE-2021-41307 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to... High Unreviewed
CVE-2021-41306 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to... High Unreviewed
CVE-2021-41305 was published May 24, 2022
Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9... High Unreviewed
CVE-2021-24892 was published May 24, 2022
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for... High Unreviewed
CVE-2021-24562 was published May 24, 2022
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various... High Unreviewed
CVE-2022-3805 was published Dec 22, 2022
WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted... High Unreviewed
CVE-2022-36539 was published Sep 8, 2022
The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as... High Unreviewed
CVE-2022-3846 was published Dec 5, 2022
LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure... High Unreviewed
CVE-2022-28986 was published May 11, 2022
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to... High Unreviewed
CVE-2022-2367 was published Aug 9, 2022
Machine-In-The-Middle in lix High
CVE-2020-10800 was published for lix (npm) Apr 16, 2020
In Monstra CMS 3.0.4, an attacker with 'Editor' privileges can change the password of the... High Unreviewed
CVE-2018-16608 was published May 13, 2022
Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey... High Unreviewed
CVE-2021-36906 was published Nov 4, 2022
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object... High Unreviewed
CVE-2022-40319 was published Jan 17, 2023
An API Endpoint used by Miele's "AppWash" MobileApp in all versions was vulnerable to an... High Unreviewed
CVE-2022-3589 was published Nov 21, 2022
An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any... High Unreviewed
CVE-2022-33077 was published Oct 19, 2022
usememos/memos Improper Access Control vulnerability High
CVE-2022-4803 was published for github.com/usememos/memos (Go) Dec 28, 2022
growi is vulnerable to Authorization Bypass Through User-Controlled Key High Unreviewed
CVE-2021-3852 was published Jan 13, 2022
Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow... High Unreviewed
CVE-2021-3965 was published Jan 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database