GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
67 advisories
Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers...
Critical | Unreviewed | CVE-2023-37242 was published Jul 6, 2023

EasyTor Applications – Authorization Bypass - EasyTor Applications may allow authorization...
Critical | Unreviewed | CVE-2023-31182 was published Jul 6, 2023

The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is...
Critical | Unreviewed | CVE-2023-2276 was published Jul 6, 2023

Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows...
Critical | Unreviewed | CVE-2023-2958 was published Jul 17, 2023

Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows...
Critical | Unreviewed | CVE-2023-3048 was published Jun 13, 2023

An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially...
Critical | Unreviewed | CVE-2024-33668 was published Apr 26, 2024

A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged...
Critical | Unreviewed | CVE-2023-38049 was published Jul 9, 2024

A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to...
Critical | Unreviewed | CVE-2023-38055 was published Jul 9, 2024

A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch,...
Critical | Unreviewed | CVE-2023-38052 was published Jul 9, 2024

A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to...
Critical | Unreviewed | CVE-2023-38054 was published Jul 9, 2024

A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged...
Critical | Unreviewed | CVE-2023-3287 was published Jul 9, 2024

A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to...
Critical | Unreviewed | CVE-2023-38048 was published Jul 9, 2024

A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to...
Critical | Unreviewed | CVE-2023-38050 was published Jul 9, 2024

A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to...
Critical | Unreviewed | CVE-2023-38053 was published Jul 9, 2024

A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user...
Critical | Unreviewed | CVE-2023-38051 was published Jul 9, 2024

Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer...
Critical | Unreviewed | CVE-2024-5619 was published Jul 18, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Ricard Torres Thumbs Rating...
Critical | Unreviewed | CVE-2024-31095 was published Mar 31, 2024

Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain...
Critical | Unreviewed | CVE-2024-27730 was published Aug 15, 2024

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to...
Critical | Unreviewed | CVE-2024-8292 was published Sep 6, 2024

A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5),...
Critical | Unreviewed | CVE-2024-45032 was published Sep 10, 2024

An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the...
Critical | Unreviewed | CVE-2024-27113 was published Sep 11, 2024

An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties...
Critical | Unreviewed | CVE-2024-46937 was published Sep 16, 2024

An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary,...
Critical | Unreviewed | CVE-2024-5128 was published Jun 6, 2024

The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin...
Critical | Unreviewed | CVE-2024-8791 was published Sep 24, 2024

The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via...
Critical | Unreviewed | CVE-2024-8485 was published Sep 25, 2024