GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Filter advisories
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
91
GitHub Actions
54
Go
4,194
Maven
5,000+
npm
5,000+
NuGet
1,021
pip
5,000+
Pub
13
RubyGems
1,102
Rust
1,422
Swift
61
Unreviewed advisories
All unreviewed
5,000+
521 advisories
Filter by severity
Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker...
High
Unreviewed
CVE-2022-42175
was published
Jul 5, 2023
Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz...
High
Unreviewed
CVE-2022-43492
was published
Jul 6, 2023
An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24...
High
Unreviewed
CVE-2023-0985
was published
Jul 6, 2023
The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in...
High
Unreviewed
CVE-2023-3105
was published
Jul 12, 2023
The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass...
High
Unreviewed
CVE-2023-3525
was published
Jul 12, 2023
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference...
High
Unreviewed
CVE-2023-38257
was published
Jul 18, 2023
Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a...
High
Unreviewed
CVE-2023-37543
was published
Aug 10, 2023
An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH...
High
Unreviewed
CVE-2023-28481
was published
Aug 14, 2023
SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to...
High
Unreviewed
CVE-2020-10130
was published
Sep 6, 2023
The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object...
High
Unreviewed
CVE-2023-4213
was published
Sep 13, 2023
Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA...
High
Unreviewed
CVE-2022-24401
was published
Oct 19, 2023
Magento Improper input validation vulnerability
High
CVE-2022-42344
was published
for
magento/community-edition
(Composer)
Oct 20, 2022
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU...
High
Unreviewed
CVE-2021-20599
was published
May 24, 2022
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could...
High
Unreviewed
CVE-2024-4538
was published
May 7, 2024
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could...
High
Unreviewed
CVE-2024-4537
was published
May 7, 2024
An authorization bypass through user-controlled key vulnerability [CWE-639] in...
High
Unreviewed
CVE-2023-40720
was published
May 14, 2024
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an...
High
Unreviewed
CVE-2021-36389
was published
May 24, 2022
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through...
High
Unreviewed
CVE-2021-36388
was published
May 24, 2022
Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows...
High
Unreviewed
CVE-2024-28320
was published
Apr 29, 2024
Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to...
High
Unreviewed
CVE-2024-33383
was published
Apr 30, 2024
SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to...
High
Unreviewed
CVE-2024-24312
was published
May 1, 2024
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user ...
High
Unreviewed
CVE-2023-3288
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to...
High
Unreviewed
CVE-2023-38047
was published
Jul 9, 2024
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged...
High
Unreviewed
CVE-2023-3286
was published
Jul 9, 2024
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any...
High
Unreviewed
CVE-2023-3289
was published
Jul 9, 2024
ProTip!
Advisories are also available from the
GraphQL API