GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+
75 advisories
Filter by severity
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability
Moderate
CVE-2024-38874
was published
for
jweiland/events2
(Composer)
Jun 21, 2024
@strapi/plugin-content-manager leaks data via relations via the Admin Panel
Low
CVE-2024-29181
was published
for
@strapi/plugin-content-manager
(npm)
Jun 12, 2024
SilverStripe Vulnerability on 'isDev', 'isTest' and 'flush' $_GET validation
Moderate
GHSA-g4hp-pfvf-vm5w
was published
for
silverstripe/framework
(Composer)
May 23, 2024
Bonitasoft Runtime Community edition's contains an insecure direct object references vulnerability
Moderate
CVE-2024-28087
was published
for
org.bonitasoft.engine:bonita-server
(Maven)
May 15, 2024
Grafana API IDOR
Moderate
CVE-2022-21713
was published
for
github.com/grafana/grafana
(Go)
May 14, 2024
Reportico affected by Incorrect Access Control
Moderate
CVE-2023-48865
was published
for
reportico-web/reportico
(Composer)
Apr 12, 2024
Grafana: Users outside an organization can delete a snapshot with its key
Moderate
CVE-2024-1313
was published
for
github.com/grafana/grafana
(Go)
Apr 5, 2024
Duplicate Advisory: Grafana vulnerable to authorization bypass
Moderate
GHSA-mh7p-8m2f-qrm6
was published
for
github.com/grafana/grafana
(Go)
Mar 26, 2024
•
withdrawn
OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation
High
CVE-2024-29194
was published
for
@oneuptime/common-server
(npm)
Mar 25, 2024
Authorization Bypass Through User-Controlled Key in go-zero
Critical
CVE-2024-27302
was published
for
github.com/zeromicro/go-zero
(Go)
Mar 4, 2024
Authorization Bypass in moodle
Low
CVE-2024-25983
was published
for
moodle/moodle
(Composer)
Feb 19, 2024
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Critical
CVE-2024-22206
was published
for
@clerk/nextjs
(npm)
Jan 12, 2024
Improper JWT Signature Validation in SAP Security Services Library
Critical
CVE-2023-50422
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 12, 2023
Escalation of privileges in @sap/xssec
Critical
CVE-2023-49583
was published
for
@sap/xssec
(npm)
Dec 12, 2023
Privilege escalation in sap-xssec
Critical
CVE-2023-50423
was published
for
sap-xssec
(pip)
Dec 12, 2023
Privilege escalation in sap/cloud-security-client-go
Critical
CVE-2023-50424
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 12, 2023
Moodle Cross-site Scripting vulnerability
Moderate
CVE-2023-5544
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
Authorization Bypass in Apache InLong
Critical
CVE-2023-43668
was published
for
org.apache.inlong:manager-pojo
(Maven)
Oct 16, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper
Critical
CVE-2023-44981
was published
for
org.apache.zookeeper:zookeeper
(Maven)
Oct 11, 2023
Economizzer Insecure Direct Object Reference vulnerability
Low
CVE-2023-38872
was published
for
gugoan/economizzer
(Composer)
Sep 28, 2023
Keylime registrar and (untrusted) Agent can be bypassed by an attacker
Moderate
CVE-2023-38201
was published
for
keylime
(pip)
Sep 6, 2023
Netmaker IDOR Allows User to Update Other User's Password
High
CVE-2023-32078
was published
for
github.com/gravitl/netmaker
(Go)
Aug 25, 2023
Easy!Appointments Improper Access Control vulnerability
Moderate
CVE-2023-3700
was published
for
alextselegidis/easyappointments
(Composer)
Jul 17, 2023
DataEase API interface has IDOR vulnerability
High
CVE-2023-32310
was published
for
io.dataease:dataease-plugin-common
(Maven)
Jun 2, 2023
ProTip!
Advisories are also available from the
GraphQL API