Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,644
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

550 advisories

Loading
A vulnerability, which was classified as critical, was found in SourceCodester Employee Task... High Unreviewed
CVE-2024-2576 was published Mar 18, 2024
An authorization bypass was discovered in the Carrier MASmobile Classic application through 1.16... Moderate Unreviewed
CVE-2023-36483 was published Mar 16, 2024
An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7... High Unreviewed
CVE-2024-23112 was published Mar 12, 2024
Authorization Bypass Through User-Controlled Key in go-zero Critical
CVE-2024-27302 was published for github.com/zeromicro/go-zero (Go) Mar 4, 2024
cokeBeer
Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login... High Unreviewed
CVE-2024-1470 was published Feb 29, 2024
Authorization Bypass in moodle Low
CVE-2024-25983 was published for moodle/moodle (Composer) Feb 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering... High Unreviewed
CVE-2023-6724 was published Feb 9, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED... High Unreviewed
CVE-2023-6515 was published Feb 8, 2024
The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct... Moderate Unreviewed
CVE-2024-0366 was published Feb 6, 2024
The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is... Moderate Unreviewed
CVE-2023-6983 was published Feb 6, 2024
Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder... High Unreviewed
CVE-2024-22305 was published Jan 31, 2024
The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0... Moderate Unreviewed
CVE-2023-7199 was published Jan 29, 2024
The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure... High Unreviewed
CVE-2024-23747 was published Jan 29, 2024
The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for... Moderate Unreviewed
CVE-2023-6384 was published Jan 22, 2024
Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige... Moderate Unreviewed
CVE-2024-0580 was published Jan 18, 2024
Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience... Moderate Unreviewed
CVE-2023-7031 was published Jan 17, 2024
An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via... Moderate Unreviewed
CVE-2023-36235 was published Jan 17, 2024
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR) Critical
CVE-2024-22206 was published for @clerk/nextjs (npm) Jan 12, 2024
nikosdouvlis SokratisVidros
colinclerk agis braden-clerk BRKalow
The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all... Moderate Unreviewed
CVE-2023-6223 was published Jan 11, 2024
The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct... Moderate Unreviewed
CVE-2023-6630 was published Jan 11, 2024
An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal... Moderate Unreviewed
CVE-2023-48783 was published Jan 10, 2024
A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). The "intermediate... High Unreviewed
CVE-2023-49251 was published Jan 9, 2024
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as... High Unreviewed
CVE-2024-0264 was published Jan 7, 2024
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe... High Unreviewed
CVE-2023-51502 was published Jan 5, 2024
HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability.  A... High Unreviewed
CVE-2023-50342 was published Jan 3, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database