Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

600 advisories

Loading
Authorization Bypass in parse-path High
CVE-2022-0624 was published for parse-path (npm) Jun 29, 2022
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low... Moderate Unreviewed
CVE-2022-31883 was published Jun 29, 2022
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects... Moderate Unreviewed
CVE-2017-20101 was published Jun 28, 2022
The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP... High Unreviewed
CVE-2022-1614 was published Jun 21, 2022
An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated... High Unreviewed
CVE-2022-31295 was published Jun 17, 2022
The iQ Block Country WordPress plugin through 1.2.13 does not properly checks HTTP headers in... High Unreviewed
CVE-2022-1762 was published Jun 14, 2022
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016... Moderate Unreviewed
CVE-2022-30760 was published Jun 10, 2022
Authorization Bypass Through User-Controlled Key in go-restful Critical
CVE-2022-1996 was published for github.com/emicklei/go-restful (Go) Jun 9, 2022
hiddeco
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator Moderate
CVE-2022-31027 was published for oauthenticator (pip) Jun 6, 2022
GeorgianaElena yuvipanda
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to... Moderate Unreviewed
CVE-2022-29627 was published Jun 3, 2022
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR ... Critical Unreviewed
CVE-2022-30495 was published May 27, 2022
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for... High Unreviewed
CVE-2021-24562 was published May 24, 2022
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR)... Moderate Unreviewed
CVE-2021-37215 was published May 24, 2022
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.... Moderate Unreviewed
CVE-2021-37213 was published May 24, 2022
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can... Moderate Unreviewed
CVE-2019-12252 was published May 24, 2022
Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9... High Unreviewed
CVE-2021-24892 was published May 24, 2022
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to... Moderate Unreviewed
CVE-2021-3380 was published May 24, 2022
The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the... Moderate Unreviewed
CVE-2021-24840 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to... High Unreviewed
CVE-2021-41306 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to... High Unreviewed
CVE-2021-41305 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers... High Unreviewed
CVE-2021-41307 was published May 24, 2022
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU... High Unreviewed
CVE-2021-20599 was published May 24, 2022
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an... High Unreviewed
CVE-2021-36389 was published May 24, 2022
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through... High Unreviewed
CVE-2021-36388 was published May 24, 2022
In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed... Moderate Unreviewed
CVE-2021-36387 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database