Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

186 advisories

Loading
The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object... High Unreviewed
CVE-2023-4213 was published Sep 13, 2023
SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to... High Unreviewed
CVE-2020-10130 was published Sep 6, 2023
Keylime registrar and (untrusted) Agent can be bypassed by an attacker High
CVE-2023-38201 was published for keylime (pip) Sep 6, 2023
Netmaker IDOR Allows User to Update Other User's Password High
CVE-2023-32078 was published for github.com/gravitl/netmaker (Go) Aug 25, 2023
rootxharsh iamnoooob
An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH... High Unreviewed
CVE-2023-28481 was published Aug 14, 2023
Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a... High Unreviewed
CVE-2023-37543 was published Aug 10, 2023
Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference... High Unreviewed
CVE-2023-38257 was published Jul 18, 2023
The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in... High Unreviewed
CVE-2023-3105 was published Jul 12, 2023
The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass... High Unreviewed
CVE-2023-3525 was published Jul 12, 2023
An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24... High Unreviewed
CVE-2023-0985 was published Jul 6, 2023
NGINX Management Suite may allow an authenticated attacker to gain access to configuration... High Unreviewed
CVE-2023-28656 was published Jul 6, 2023
Algan Yazılım Prens Student Information System product has an authenticated Insecure Direct... High Unreviewed
CVE-2022-2808 was published Jul 6, 2023
Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz... High Unreviewed
CVE-2022-43492 was published Jul 6, 2023
Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker... High Unreviewed
CVE-2022-42175 was published Jul 5, 2023
The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for... High Unreviewed
CVE-2023-3133 was published Jul 4, 2023
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object... High Unreviewed
CVE-2023-3063 was published Jun 30, 2023
Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket... High Unreviewed
CVE-2023-23679 was published Jun 23, 2023
Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin... High Unreviewed
CVE-2023-34000 was published Jun 14, 2023
An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid... High Unreviewed
CVE-2021-33223 was published Jun 7, 2023
Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low... High Unreviewed
CVE-2023-3066 was published Jun 5, 2023
DataEase API interface has IDOR vulnerability High
CVE-2023-32310 was published for io.dataease:dataease-plugin-common (Maven) Jun 2, 2023
lujiefsi
Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows... High Unreviewed
CVE-2023-2883 was published May 25, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo... High Unreviewed
CVE-2023-2065 was published May 24, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition... High Unreviewed
CVE-2023-2702 was published May 23, 2023
Missing Authorization in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. High Unreviewed
CVE-2023-2844 was published May 23, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database