GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
350 advisories
The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all...
Moderate | Unreviewed | CVE-2022-3459 was published Sep 16, 2024

An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object...
Moderate | Unreviewed | CVE-2024-25270 was published Sep 12, 2024

An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer...
Moderate | Unreviewed | CVE-2023-44254 was published Sep 10, 2024

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure...
Moderate | Unreviewed | CVE-2024-8123 was published Sep 4, 2024

An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view...
Moderate | Unreviewed | CVE-2024-40395 was published Aug 27, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project...
Moderate | Unreviewed | CVE-2024-43916 was published Aug 26, 2024

The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2024-7848 was published Aug 22, 2024

Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum. This...
Moderate | Unreviewed | CVE-2024-43288 was published Aug 19, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Propovoice Propovoice CRM. This...
Moderate | Unreviewed | CVE-2024-43350 was published Aug 19, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project...
Moderate | Unreviewed | CVE-2024-43322 was published Aug 19, 2024

Authorization Bypass Through User-Controlled Key vulnerability in WP Job Portal. This issue...
Moderate | Unreviewed | CVE-2024-43266 was published Aug 19, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Masteriyo Masteriyo - LMS. This...
Moderate | Unreviewed | CVE-2024-43239 was published Aug 19, 2024

The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object...
Moderate | Unreviewed | CVE-2023-7049 was published Aug 16, 2024

Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access...
Moderate | Unreviewed | CVE-2024-21981 was published Aug 13, 2024

Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows...
Moderate | Unreviewed | CVE-2024-39642 was published Aug 13, 2024

A vulnerability, which was classified as problematic, has been found in projectsend up to r1605....
Moderate | Unreviewed | CVE-2024-7658 was published Aug 12, 2024

A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior...
Moderate | Unreviewed | CVE-2024-3035 was published Aug 8, 2024

Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence.
Moderate | Unreviewed | CVE-2024-6357 was published Aug 6, 2024

A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic....
Moderate | Unreviewed | CVE-2024-7438 was published Aug 3, 2024

A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4....
Moderate | Unreviewed | CVE-2024-7437 was published Aug 3, 2024

An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey()...
Moderate | Unreviewed | CVE-2024-41254 was published Jul 31, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS. This issue affects...
Moderate | Unreviewed | CVE-2024-38701 was published Jul 22, 2024

On versions before 2.1.4, after a regular user successfully logs in, they can manually make a...
Moderate | Unreviewed | CVE-2024-34457 was published Jul 22, 2024

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2024-5977 was published Jul 19, 2024

NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the...
Moderate | Unreviewed | CVE-2024-38446 was published Jul 17, 2024
ProTip! Advisories are also available from the GraphQL API.