GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
544 advisories
Filter by severity
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6...
High
Unreviewed
CVE-2022-1459
was published
Apr 26, 2022
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to...
Moderate
Unreviewed
CVE-2022-1461
was published
Apr 26, 2022
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to...
Moderate
Unreviewed
CVE-2021-24800
was published
Apr 26, 2022
An Insecure Direct Object Reference issue exists in the Tyler Odyssey platform before 17.1.20....
High
Unreviewed
CVE-2022-26665
was published
Apr 19, 2022
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an...
Moderate
Unreviewed
CVE-2022-29287
was published
Apr 17, 2022
An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control...
High
Unreviewed
CVE-2022-22190
was published
Apr 15, 2022
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to...
High
Unreviewed
CVE-2021-46416
was published
Apr 8, 2022
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony...
Moderate
Unreviewed
CVE-2022-27108
was published
Apr 7, 2022
The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP,...
Critical
Unreviewed
CVE-2022-1165
was published
Apr 5, 2022
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access...
Moderate
Unreviewed
CVE-2022-26254
was published
Mar 28, 2022
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files...
High
Unreviewed
CVE-2021-43957
was published
Mar 17, 2022
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user...
Moderate
Unreviewed
CVE-2022-0442
was published
Mar 8, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any...
High
Unreviewed
CVE-2022-25471
was published
Mar 4, 2022
The backend infrastructure shared by multiple mobile device monitoring services does not...
High
Unreviewed
CVE-2022-0732
was published
Feb 25, 2022
Improper Authorization in dolibarr/dolibarr
Moderate
CVE-2022-0731
was published
for
dolibarr/dolibarr
(Composer)
Feb 24, 2022
url-parse incorrectly parses hostname / protocol due to unstripped leading control characters.
Moderate
CVE-2022-0691
was published
for
url-parse
(npm)
Feb 22, 2022
Authorization Bypass Through User-Controlled Key in url-parse
Critical
CVE-2022-0686
was published
for
url-parse
(npm)
Feb 21, 2022
An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. The Edge Site...
Moderate
Unreviewed
CVE-2022-24979
was published
Feb 20, 2022
url-parse Incorrectly parses URLs that include an '@'
Moderate
CVE-2022-0639
was published
for
url-parse
(npm)
Feb 18, 2022
Authorization Bypass Through User-Controlled Key in urijs
Moderate
CVE-2022-0613
was published
for
urijs
(npm)
Feb 17, 2022
Authorization bypass in url-parse
Moderate
CVE-2022-0512
was published
for
url-parse
(npm)
Feb 15, 2022
Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2.
Moderate
Unreviewed
CVE-2021-3813
was published
Feb 10, 2022
The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a...
Moderate
Unreviewed
CVE-2021-25096
was published
Feb 8, 2022
An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0...
High
Unreviewed
CVE-2022-22828
was published
Jan 28, 2022
Authorization Bypass Through User-Controlled Key in LiveHelperChat
Moderate
CVE-2022-0266
was published
for
remdex/livehelperchat
(Composer)
Jan 21, 2022
ProTip!
Advisories are also available from the
GraphQL API