GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
95 advisories
Filter by severity
Moodle's IDOR in badges allows deletion of arbitrary badges
Moderate
CVE-2024-43431
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users
Moderate
CVE-2024-43438
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
Grafana org admin can delete pending invites in different org
Low
CVE-2024-10452
was published
for
github.com/grafana/grafana
(Go)
Oct 29, 2024
KubeSphere IDOR vulnerability
Moderate
CVE-2024-46528
was published
for
github.com/kubesphere/kubesphere
(Go)
Oct 14, 2024
IDOR vulnerability in account profile page
Moderate
CVE-2024-39319
was published
for
aimeos/ai-controller-frontend
(Composer)
Sep 26, 2024
Puma's header normalization allows for client to clobber proxy set headers
Moderate
CVE-2024-45614
was published
for
puma
(RubyGems)
Sep 20, 2024
Sentry improperly authorizes muting of alert rules
High
CVE-2024-45606
was published
for
sentry
(pip)
Sep 17, 2024
Sentry improperly authorizes deletion of user issue alert notifications
Moderate
CVE-2024-45605
was published
for
sentry
(pip)
Sep 17, 2024
powermail TYPO3 extension has Insecure Direct Object Reference
Moderate
CVE-2024-47047
was published
for
in2code/powermail
(Composer)
Sep 17, 2024
"powermail" (powermail) Insecure Direct Object Reference (IDOR)
Moderate
CVE-2024-45232
was published
for
in2code/powermail
(Composer)
Aug 29, 2024
Directus has an insecure object reference via PATH presets
Moderate
GHSA-3fff-gqw3-vj86
was published
for
directus
(npm)
Aug 27, 2024
Improper access control in Directus
Moderate
CVE-2024-6534
was published
for
directus
(npm)
Aug 15, 2024
Withdrawn: SFTPGo's JWT implmentation lacks certain security measures
Moderate
CVE-2024-40430
was published
for
github.com/drakkan/sftpgo/v2
(Go)
Jul 22, 2024
•
withdrawn
The OpenSearch reporting plugin improperly controls tenancy access to reporting resources
Moderate
CVE-2024-39900
was published
for
org.opensearch.plugin:opensearch-reports-scheduler
(Maven)
Jul 18, 2024
Sylius has a security vulnerability via adjustments API endpoint
High
CVE-2024-40633
was published
for
sylius/sylius
(Composer)
Jul 17, 2024
OpenSearch Observability does not properly restrict access to private tenant resources
Moderate
CVE-2024-39901
was published
for
org.opensearch.plugin:opensearch-observability
(Maven)
Jul 10, 2024
Cache driver GetBlob() allows read access to any blob without access control check
Moderate
CVE-2024-39897
was published
for
zotregistry.dev/zot
(Go)
Jul 9, 2024
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes
High
CVE-2024-39321
was published
for
github.com/traefik/traefik/v2
(Go)
Jul 5, 2024
Missing key verification in gost
Critical
CVE-2024-39223
was published
for
github.com/ginuerzh/gost
(Go)
Jul 3, 2024
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
Moderate
CVE-2024-38874
was published
for
jweiland/events2
(Composer)
Jun 21, 2024
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Low
CVE-2024-29181
was published
for
@strapi/plugin-content-manager
(npm)
Jun 12, 2024
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
Moderate
GHSA-g4hp-pfvf-vm5w
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
Moderate
CVE-2024-28087
was published
for
org.bonitasoft.engine:bonita-server
(Maven)
May 15, 2024
Grafana API IDOR
Moderate
CVE-2022-21713
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
ProTip!
Advisories are also available from the
GraphQL API