GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
35 advisories
Filter by severity
Authorization Bypass Through User-Controlled Key in go-zero
Critical
CVE-2024-27302
was published
for
github.com/zeromicro/go-zero
(Go)
Mar 4, 2024
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Critical
CVE-2024-22206
was published
for
@clerk/nextjs
(npm)
Jan 12, 2024
Improper JWT Signature Validation in SAP Security Services Library
Critical
CVE-2023-50422
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 12, 2023
Escalation of privileges in @sap/xssec
Critical
CVE-2023-49583
was published
for
@sap/xssec
(npm)
Dec 12, 2023
Privilege escalation in sap-xssec
Critical
CVE-2023-50423
was published
for
sap-xssec
(pip)
Dec 12, 2023
Privilege escalation in sap/cloud-security-client-go
Critical
CVE-2023-50424
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 12, 2023
Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an...
Critical
Unreviewed
CVE-2023-6144
was published
Nov 21, 2023
Lost and Found Information System 1.0 allows account takeover via username and password to a ...
Critical
Unreviewed
CVE-2023-38965
was published
Nov 3, 2023
Authorization Bypass in Apache InLong
Critical
CVE-2023-43668
was published
for
org.apache.inlong:manager-pojo
(Maven)
Oct 16, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper
Critical
CVE-2023-44981
was published
for
org.apache.zookeeper:zookeeper
(Maven)
Oct 11, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows...
Critical
Unreviewed
CVE-2023-2958
was published
Jul 17, 2023
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is...
Critical
Unreviewed
CVE-2023-2276
was published
Jul 6, 2023
EasyTor Applications – Authorization Bypass - EasyTor Applications may allow authorization...
Critical
Unreviewed
CVE-2023-31182
was published
Jul 6, 2023
Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers...
Critical
Unreviewed
CVE-2023-37242
was published
Jul 6, 2023
Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows...
Critical
Unreviewed
CVE-2023-3048
was published
Jun 13, 2023
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR...
Critical
Unreviewed
CVE-2022-36247
was published
May 30, 2023
Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by...
Critical
Unreviewed
CVE-2023-2713
was published
May 20, 2023
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure...
Critical
Unreviewed
CVE-2023-0558
was published
Jan 28, 2023
usememos/memos Authorization Bypass Through User-Controlled Key vulnerability
Critical
CVE-2022-4686
was published
for
github.com/usememos/memos
(Go)
Dec 23, 2022
RSFirewall tries to identify the original IP address by looking at different HTTP headers. A...
Critical
Unreviewed
CVE-2021-4226
was published
Dec 15, 2022
An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change...
Critical
Unreviewed
CVE-2022-38789
was published
Sep 16, 2022
Authorization Bypass Through User-Controlled Key in go-restful
Critical
CVE-2022-1996
was published
for
github.com/emicklei/go-restful
(Go)
Jun 9, 2022
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR ...
Critical
Unreviewed
CVE-2022-30495
was published
May 27, 2022
ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is...
Critical
Unreviewed
CVE-2021-41301
was published
May 24, 2022
A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An...
Critical
Unreviewed
CVE-2021-37184
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API