GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
463 advisories
Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows...
High | Unreviewed | CVE-2023-2883 was published May 25, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo...
High | Unreviewed | CVE-2023-2065 was published May 24, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition...
High | Unreviewed | CVE-2023-2702 was published May 23, 2023
Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by...
Critical | Unreviewed | CVE-2023-2713 was published May 20, 2023
The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in...
High | Unreviewed | CVE-2023-2548 was published May 16, 2023
Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows...
Moderate | Unreviewed | CVE-2023-30216 was published May 4, 2023
The Blocksy Companion WordPress plugin before 1.8.82 does not ensure that posts to be accessed...
Moderate | Unreviewed | CVE-2023-1911 was published May 2, 2023
The WP FEvents Book WordPress plugin through 0.46 does not ensure that bookings to be updated...
Moderate | Unreviewed | CVE-2023-1129 was published Apr 24, 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before...
High | Unreviewed | CVE-2018-17449 was published Apr 16, 2023
An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11...
High | Unreviewed | CVE-2018-17455 was published Apr 16, 2023
An issue was discovered in LIVEBOX Collaboration vDesk through v018. An Insecure Direct Object...
Moderate | Unreviewed | CVE-2022-45175 was published Apr 14, 2023
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability...
Moderate | Unreviewed | CVE-2020-8297 was published May 24, 2022
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has...
Critical | Unreviewed | CVE-2020-16088 was published May 24, 2022
Improper Control of Resource Identifiers in TCExam 14.2.2 allows a remote, authenticated attacker...
Moderate | Unreviewed | CVE-2020-5743 was published May 24, 2022
An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to...
Moderate | Unreviewed | CVE-2019-5466 was published May 24, 2022
The zip API endpoint in Cerberus FTP Server 8 allows an authenticated attacker without zip...
Moderate | Unreviewed | CVE-2020-5194 was published May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in the Xtivia Web Time and Expense ...
Moderate | Unreviewed | CVE-2019-19616 was published May 24, 2022
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated...
Critical | Unreviewed | CVE-2019-17574 was published May 24, 2022
An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin...
High | Unreviewed | CVE-2019-17050 was published May 24, 2022
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to...
High | Unreviewed | CVE-2019-14932 was published May 24, 2022
In WESEEK GROWI before 3.5.0, the site-wide basic authentication can be bypassed by adding a URL...
High | Unreviewed | CVE-2019-13337 was published May 24, 2022
An authorization bypass vulnerability in pinboard updates in ThoughtSpot 4.4.1 through 5.1.1 ...
High | Unreviewed | CVE-2019-12782 was published May 24, 2022
Joruri Mail 2.1.4 and earlier does not properly manage sessions, which allows remote attackers to...
Moderate | Unreviewed | CVE-2019-5966 was published May 24, 2022
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was...
Critical | Unreviewed | CVE-2019-12866 was published May 24, 2022
Bludit prior to 3.9.1 allows a non-privileged user to change the password of any account,...
High | Unreviewed | CVE-2019-12742 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.