Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+

600 advisories

Loading
An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary,... Critical Unreviewed
CVE-2024-5128 was published Jun 6, 2024
An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including... High Unreviewed
CVE-2024-5130 was published Jun 6, 2024
The contains an IDOR vulnerability that allows a user to comment on a private post by... Moderate Unreviewed
CVE-2024-4886 was published Jun 5, 2024
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation Moderate
GHSA-g4hp-pfvf-vm5w was published for silverstripe/framework (Composer) May 23, 2024
An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11... Moderate Unreviewed
CVE-2024-5258 was published May 23, 2024
An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across... Moderate Unreviewed
CVE-2024-5166 was published May 22, 2024
ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct... Moderate Unreviewed
CVE-2024-4843 was published May 16, 2024
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability Moderate
CVE-2024-28087 was published for org.bonitasoft.engine:bonita-server (Maven) May 15, 2024
Grafana API IDOR Moderate
CVE-2022-21713 was published for github.com/grafana/grafana (Go) May 14, 2024
An authorization bypass through user-controlled key vulnerability [CWE-639] in... High Unreviewed
CVE-2023-40720 was published May 14, 2024
Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR)... Unknown Unreviewed
CVE-2024-33818 was published May 14, 2024
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could... High Unreviewed
CVE-2024-4538 was published May 7, 2024
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could... High Unreviewed
CVE-2024-4537 was published May 7, 2024
Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress... Moderate Unreviewed
CVE-2024-34383 was published May 6, 2024
SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to... High Unreviewed
CVE-2024-24312 was published May 1, 2024
Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to... High Unreviewed
CVE-2024-33383 was published Apr 30, 2024
ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man... Critical Unreviewed
CVE-2019-19755 was published Apr 30, 2024
Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows... High Unreviewed
CVE-2024-28320 was published Apr 29, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider... Moderate Unreviewed
CVE-2024-33542 was published Apr 29, 2024
An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially... Critical Unreviewed
CVE-2024-33668 was published Apr 26, 2024
Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP... Moderate Unreviewed
CVE-2024-32823 was published Apr 24, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This... Moderate Unreviewed
CVE-2024-32772 was published Apr 24, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This... Moderate Unreviewed
CVE-2024-32808 was published Apr 24, 2024
Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control... High Unreviewed
CVE-2024-32166 was published Apr 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review.This... Moderate Unreviewed
CVE-2024-32683 was published Apr 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database