Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

35 advisories

Loading
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass... Critical Unreviewed
CVE-2019-13360 was published May 24, 2022
The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP,... Critical Unreviewed
CVE-2022-1165 was published Apr 5, 2022
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR ... Critical Unreviewed
CVE-2022-30495 was published May 27, 2022
RSFirewall tries to identify the original IP address by looking at different HTTP headers. A... Critical Unreviewed
CVE-2021-4226 was published Dec 15, 2022
An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change... Critical Unreviewed
CVE-2022-38789 was published Sep 16, 2022
A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An... Critical Unreviewed
CVE-2021-37184 was published May 24, 2022
ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is... Critical Unreviewed
CVE-2021-41301 was published May 24, 2022
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and... Critical Unreviewed
CVE-2019-9756 was published May 13, 2022
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint... Critical Unreviewed
CVE-2019-6716 was published May 13, 2022
TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled... Critical Unreviewed
CVE-2021-45428 was published Jan 4, 2022
Authorization Bypass Through User-Controlled Key in go-restful Critical
CVE-2022-1996 was published for github.com/emicklei/go-restful (Go) Jun 9, 2022
hiddeco
Keycloak vulnerable to privilege escalation on Token Exchange feature Critical
CVE-2022-1245 was published for org.keycloak:keycloak-services (Maven) Apr 26, 2022
knutz3n kurt-r2c
usememos/memos Authorization Bypass Through User-Controlled Key vulnerability Critical
CVE-2022-4686 was published for github.com/usememos/memos (Go) Dec 23, 2022
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure... Critical Unreviewed
CVE-2023-0558 was published Jan 28, 2023
Lost and Found Information System 1.0 allows account takeover via username and password to a ... Critical Unreviewed
CVE-2023-38965 was published Nov 3, 2023
Authorization Bypass in Apache InLong Critical
CVE-2023-43668 was published for org.apache.inlong:manager-pojo (Maven) Oct 16, 2023
Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an... Critical Unreviewed
CVE-2023-6144 was published Nov 21, 2023
Authorization Bypass Through User-Controlled Key in url-parse Critical
CVE-2022-0686 was published for url-parse (npm) Feb 21, 2022
Privilege escalation in sap-xssec Critical
CVE-2023-50423 was published for sap-xssec (pip) Dec 12, 2023
Escalation of privileges in @sap/xssec Critical
CVE-2023-49583 was published for @sap/xssec (npm) Dec 12, 2023
leon-vg
Improper JWT Signature Validation in SAP Security Services Library Critical
CVE-2023-50422 was published for com.sap.cloud.security.xsuaa:spring-xsuaa (Maven) Dec 12, 2023
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR) Critical
CVE-2024-22206 was published for @clerk/nextjs (npm) Jan 12, 2024
nikosdouvlis SokratisVidros
colinclerk agis braden-clerk BRKalow
Authorization Bypass Through User-Controlled Key in go-zero Critical
CVE-2024-27302 was published for github.com/zeromicro/go-zero (Go) Mar 4, 2024
cokeBeer
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was... Critical Unreviewed
CVE-2019-12866 was published May 24, 2022
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated... Critical Unreviewed
CVE-2019-17574 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API