Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

463 advisories

Loading
High severity vulnerability that affects YamlDotNet and YamlDotNet.Signed High
CVE-2018-1000210 was published for YamlDotNet (NuGet) Oct 16, 2018
Users can edit the tags of any discussion Moderate
GHSA-32wx-4gxx-h48f was published for flarum/tags (Composer) Jan 29, 2021
LianSheng197 SychO9
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass... Critical Unreviewed
CVE-2019-13360 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can... High Unreviewed
CVE-2019-13605 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... High Unreviewed
CVE-2019-14724 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... Moderate Unreviewed
CVE-2019-14721 was published May 24, 2022
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files... High Unreviewed
CVE-2021-43957 was published Mar 17, 2022
Pterodactyl Panel vulnerable to authentication bypass due to improper user-provided security token verification High
CVE-2021-41129 was published for pterodactyl/panel (Composer) Oct 4, 2021
Sylius PayPal Plugin allows unauthorized access to Credit card form, exposing payer name and not requiring 3DS High
CVE-2021-41120 was published for sylius/paypal-plugin (Composer) Oct 6, 2021
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access... Moderate Unreviewed
CVE-2022-26254 was published Mar 28, 2022
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to... High Unreviewed
CVE-2021-46416 was published Apr 8, 2022
The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP,... Critical Unreviewed
CVE-2022-1165 was published Apr 5, 2022
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony... Moderate Unreviewed
CVE-2022-27108 was published Apr 7, 2022
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an... Moderate Unreviewed
CVE-2022-29287 was published Apr 17, 2022
An Insecure Direct Object Reference issue exists in the Tyler Odyssey platform before 17.1.20.... High Unreviewed
CVE-2022-26665 was published Apr 19, 2022
The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from... High Unreviewed
CVE-2022-24187 was published Nov 29, 2022
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to... Moderate Unreviewed
CVE-2022-1461 was published Apr 26, 2022
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6... High Unreviewed
CVE-2022-1459 was published Apr 26, 2022
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to... Moderate Unreviewed
CVE-2021-24800 was published Apr 26, 2022
The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions... Moderate Unreviewed
CVE-2022-3995 was published Nov 29, 2022
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to... High Unreviewed
CVE-2021-24739 was published Dec 22, 2021
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when... High Unreviewed
CVE-2021-21012 was published May 24, 2022
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator Moderate
CVE-2022-31027 was published for oauthenticator (pip) Jun 6, 2022
GeorgianaElena yuvipanda
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR ... Critical Unreviewed
CVE-2022-30495 was published May 27, 2022
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to... Moderate Unreviewed
CVE-2022-29627 was published Jun 3, 2022
ProTip! Advisories are also available from the GraphQL API