GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+
415 advisories
Filter by severity
In affected versions of Octopus Server it is possible to reveal information about teams via the...
Moderate
Unreviewed
CVE-2022-2828
was published
Oct 13, 2022
Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An...
Moderate
Unreviewed
CVE-2022-38765
was published
Dec 9, 2022
The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a...
Moderate
Unreviewed
CVE-2022-2535
was published
Aug 16, 2022
A vulnerability, which was classified as problematic, has been found in Click Studios...
Moderate
Unreviewed
CVE-2022-3876
was published
Dec 19, 2022
Belkin Linksys Velop 1.1.8.192419 devices allows remote attackers to discover the recovery key...
Moderate
Unreviewed
CVE-2019-16340
was published
May 24, 2022
An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and...
Moderate
Unreviewed
CVE-2019-15582
was published
May 24, 2022
Atos Unify OpenScape UC Web Client 1.0 allows remote attackers to obtain sensitive information....
Moderate
Unreviewed
CVE-2019-19866
was published
May 24, 2022
The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP...
Moderate
Unreviewed
CVE-2022-2877
was published
Sep 17, 2022
The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address...
Moderate
Unreviewed
CVE-2022-2913
was published
Sep 17, 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles...
Moderate
Unreviewed
CVE-2020-14174
was published
May 24, 2022
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows...
Moderate
Unreviewed
CVE-2020-27742
was published
May 24, 2022
An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >=...
Moderate
Unreviewed
CVE-2020-13357
was published
May 24, 2022
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software...
Moderate
Unreviewed
CVE-2020-26068
was published
May 24, 2022
In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download...
Moderate
Unreviewed
CVE-2020-26178
was published
May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the...
Moderate
Unreviewed
CVE-2020-36231
was published
May 24, 2022
Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2.
Moderate
Unreviewed
CVE-2021-3813
was published
Feb 10, 2022
Two authorization bypass through user-controlled key vulnerabilities in the Fortinet...
Moderate
Unreviewed
CVE-2020-6641
was published
May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience...
Moderate
Unreviewed
CVE-2021-31927
was published
May 24, 2022
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object...
Moderate
Unreviewed
CVE-2021-35337
was published
May 24, 2022
The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing...
Moderate
Unreviewed
CVE-2021-24473
was published
May 24, 2022
The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability....
Moderate
Unreviewed
CVE-2021-37212
was published
May 24, 2022
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0...
Moderate
Unreviewed
CVE-2022-36284
was published
Aug 6, 2022
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via...
Moderate
Unreviewed
CVE-2021-40352
was published
May 24, 2022
An insecure, direct object vulnerability in hunting/fishing license retrieval function of the ...
Moderate
Unreviewed
CVE-2021-33981
was published
May 24, 2022
The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message...
Moderate
Unreviewed
CVE-2022-2080
was published
Aug 29, 2022
ProTip!
Advisories are also available from the
GraphQL API