Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

209 advisories

Loading
The function check_is_login_page() uses headers for the IP check, which can be easily spoofed. High Unreviewed
CVE-2022-1579 was published Nov 21, 2022
An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0... High Unreviewed
CVE-2022-22828 was published Jan 28, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any... High Unreviewed
CVE-2022-25471 was published Mar 4, 2022
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java... High Unreviewed
CVE-2022-45927 was published Jan 19, 2023
The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or... High Unreviewed
CVE-2022-4794 was published Jan 30, 2023
Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software... High Unreviewed
CVE-2022-34138 was published Feb 3, 2023
Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron... High Unreviewed
CVE-2023-0882 was published Feb 17, 2023
The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to... High Unreviewed
CVE-2022-4550 was published Feb 27, 2023
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed... High Unreviewed
CVE-2023-25403 was published Mar 4, 2023
The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not... High Unreviewed
CVE-2023-0865 was published Mar 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information... High Unreviewed
CVE-2023-1462 was published Mar 21, 2023
The iQ Block Country WordPress plugin through 1.2.13 does not properly checks HTTP headers in... High Unreviewed
CVE-2022-1762 was published Jun 14, 2022
The listed versions of Nexx Smart Home devices lack proper access control when executing actions.... High Unreviewed
CVE-2023-1750 was published Apr 4, 2023
The backend infrastructure shared by multiple mobile device monitoring services does not... High Unreviewed
CVE-2022-0732 was published Feb 25, 2022
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control... High Unreviewed
CVE-2022-22190 was published Apr 15, 2022
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2. High Unreviewed
CVE-2022-4505 was published Dec 15, 2022
DataEase API interface has IDOR vulnerability High
CVE-2023-32310 was published for io.dataease:dataease-plugin-common (Maven) Jun 2, 2023
lujiefsi
Missing Authorization in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. High Unreviewed
CVE-2023-2844 was published May 23, 2023
Improper Authorization of Index Containing Sensitive Information in GitHub repository alfio-event... High Unreviewed
CVE-2023-2260 was published Apr 24, 2023
Netmaker IDOR Allows User to Update Other User's Password High
CVE-2023-32078 was published for github.com/gravitl/netmaker (Go) Aug 25, 2023
rootxharsh iamnoooob
Sensitive information disclosure and manipulation due to improper authorization. The following... High Unreviewed
CVE-2023-44206 was published Sep 27, 2023
An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted... High Unreviewed
CVE-2023-46478 was published Oct 31, 2023
In the module "Order Duplicator " Clone and Delete Existing Order" (orderduplicate) in version <=... High Unreviewed
CVE-2023-45380 was published Nov 8, 2023
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation High
CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022
MarkLee131
An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of... High Unreviewed
CVE-2023-38884 was published Nov 20, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database