Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,948
Maven
5,000+
npm
5,000+
NuGet
969
pip
5,000+
Pub
13
RubyGems
1,062
Rust
1,383
Swift
56
Unreviewed advisories
All unreviewed
5,000+

1,473 advisories

Loading
The forgot password token basically just makes us capable of taking over the account of whoever... High Unreviewed
CVE-2022-3019 was published Aug 29, 2022
An insecure, direct object vulnerability in hunting/fishing license retrieval function of the ... Moderate Unreviewed
CVE-2021-33981 was published May 24, 2022
The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message... Moderate Unreviewed
CVE-2022-2080 was published Aug 29, 2022
The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete... Moderate Unreviewed
CVE-2021-24318 was published May 24, 2022
IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain... Moderate Unreviewed
CVE-2021-29773 was published May 24, 2022
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter... High Unreviewed
CVE-2021-40355 was published May 24, 2022
A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An... Critical Unreviewed
CVE-2021-37184 was published May 24, 2022
ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is... Critical Unreviewed
CVE-2021-41301 was published May 24, 2022
In all versions of GitLab EE since version 14.1, due to an insecure direct object reference... Moderate Unreviewed
CVE-2021-39889 was published May 24, 2022
Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin... High Unreviewed
CVE-2021-36874 was published May 24, 2022
ECOA BAS controller is vulnerable to insecure direct object references that occur when the... High Unreviewed
CVE-2021-41298 was published May 24, 2022
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by... High Unreviewed
CVE-2021-37777 was published May 24, 2022
kimai2 is vulnerable to Improper Access Control Moderate
CVE-2021-3992 was published for kevinpapst/kimai2 (Composer) Dec 3, 2021
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers... High Unreviewed
CVE-2021-41307 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to... High Unreviewed
CVE-2021-41305 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to... High Unreviewed
CVE-2021-41306 was published May 24, 2022
The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the... Moderate Unreviewed
CVE-2021-24840 was published May 24, 2022
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to... Moderate Unreviewed
CVE-2021-3380 was published May 24, 2022
The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users... Moderate Unreviewed
CVE-2022-1580 was published Sep 20, 2022
Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9... High Unreviewed
CVE-2021-24892 was published May 24, 2022
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy ... Moderate Unreviewed
CVE-2022-2198 was published Aug 23, 2022
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.... Moderate Unreviewed
CVE-2021-37213 was published May 24, 2022
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR)... Moderate Unreviewed
CVE-2021-37215 was published May 24, 2022
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for... High Unreviewed
CVE-2021-24562 was published May 24, 2022
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an... Moderate Unreviewed
CVE-2022-3930 was published Dec 12, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database