GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
269 advisories
Filter by severity
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify...
Moderate
Unreviewed
CVE-2024-31898
was published
Jun 30, 2024
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all...
Moderate
Unreviewed
CVE-2024-4874
was published
Jun 22, 2024
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
Moderate
CVE-2024-38874
was published
for
jweiland/events2
(Composer)
Jun 21, 2024
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference...
Moderate
Unreviewed
CVE-2024-5639
was published
Jun 21, 2024
Authorization Bypass Through User-Controlled Key vulnerability in KiviCare.This issue affects...
Moderate
Unreviewed
CVE-2024-35659
was published
Jun 8, 2024
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-5438
was published
Jun 7, 2024
The contains an IDOR vulnerability that allows a user to comment on a private post by...
Moderate
Unreviewed
CVE-2024-4886
was published
Jun 5, 2024
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
Moderate
GHSA-g4hp-pfvf-vm5w
was published
for
silverstripe/framework
(Composer)
May 23, 2024
An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11...
Moderate
Unreviewed
CVE-2024-5258
was published
May 23, 2024
An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across...
Moderate
Unreviewed
CVE-2024-5166
was published
May 22, 2024
ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct...
Moderate
Unreviewed
CVE-2024-4843
was published
May 16, 2024
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
Moderate
CVE-2024-28087
was published
for
org.bonitasoft.engine:bonita-server
(Maven)
May 15, 2024
Grafana API IDOR
Moderate
CVE-2022-21713
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress...
Moderate
Unreviewed
CVE-2024-34383
was published
May 6, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider...
Moderate
Unreviewed
CVE-2024-33542
was published
Apr 29, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This...
Moderate
Unreviewed
CVE-2024-32808
was published
Apr 24, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This...
Moderate
Unreviewed
CVE-2024-32772
was published
Apr 24, 2024
Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP...
Moderate
Unreviewed
CVE-2024-32823
was published
Apr 24, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review.This...
Moderate
Unreviewed
CVE-2024-32683
was published
Apr 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Plechev Andrey WP-Recall.This...
Moderate
Unreviewed
CVE-2024-32604
was published
Apr 18, 2024
A potential security vulnerability has been identified in HPE FlexFabric and FlexNetwork series...
Moderate
Unreviewed
CVE-2024-22439
was published
Apr 15, 2024
Reportico affected by Incorrect Access Control
Moderate
CVE-2023-48865
was published
for
reportico-web/reportico
(Composer)
Apr 12, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress...
Moderate
Unreviewed
CVE-2024-31296
was published
Apr 7, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This...
Moderate
Unreviewed
CVE-2024-31291
was published
Apr 7, 2024
Grafana: Users outside an organization can delete a snapshot with its key
Moderate
CVE-2024-1313
was published
for
github.com/grafana/grafana
(Go)
Apr 5, 2024
ProTip!
Advisories are also available from the
GraphQL API