Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

463 advisories

Loading
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is... Moderate Unreviewed
CVE-2023-6983 was published Feb 6, 2024
Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder... High Unreviewed
CVE-2024-22305 was published Jan 31, 2024
The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0... Moderate Unreviewed
CVE-2023-7199 was published Jan 29, 2024
The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure... High Unreviewed
CVE-2024-23747 was published Jan 29, 2024
The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for... Moderate Unreviewed
CVE-2023-6384 was published Jan 22, 2024
Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige... Moderate Unreviewed
CVE-2024-0580 was published Jan 18, 2024
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience... Moderate Unreviewed
CVE-2023-7031 was published Jan 17, 2024
An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via... Moderate Unreviewed
CVE-2023-36235 was published Jan 17, 2024
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR) Critical
CVE-2024-22206 was published for @clerk/nextjs (npm) Jan 12, 2024
nikosdouvlis SokratisVidros
colinclerk agis braden-clerk BRKalow
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all... Moderate Unreviewed
CVE-2023-6223 was published Jan 11, 2024
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct... Moderate Unreviewed
CVE-2023-6630 was published Jan 11, 2024
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal... Moderate Unreviewed
CVE-2023-48783 was published Jan 10, 2024
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate... High Unreviewed
CVE-2023-49251 was published Jan 9, 2024
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as... High Unreviewed
CVE-2024-0264 was published Jan 7, 2024
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe... High Unreviewed
CVE-2023-51502 was published Jan 5, 2024
HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability.  A... High Unreviewed
CVE-2023-50342 was published Jan 3, 2024
An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an... High Unreviewed
CVE-2023-45892 was published Jan 2, 2024
An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal... High Unreviewed
CVE-2023-45893 was published Jan 2, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully... Moderate Unreviewed
CVE-2023-51503 was published Dec 31, 2023
Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to... Moderate Unreviewed
CVE-2023-46646 was published Dec 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce... Moderate Unreviewed
CVE-2023-32747 was published Dec 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP... Moderate Unreviewed
CVE-2023-49765 was published Dec 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress... Moderate Unreviewed
CVE-2023-47191 was published Dec 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Shipping Multiple... Moderate Unreviewed
CVE-2023-32799 was published Dec 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully... High Unreviewed
CVE-2023-35916 was published Dec 20, 2023
ProTip! Advisories are also available from the GraphQL API