GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
654 advisories
Filter by severity
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when...
High
Unreviewed
CVE-2021-21013
was published
May 24, 2022
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016...
Moderate
Unreviewed
CVE-2022-30760
was published
Jun 10, 2022
The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP...
High
Unreviewed
CVE-2022-1614
was published
Jun 21, 2022
An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated...
High
Unreviewed
CVE-2022-31295
was published
Jun 17, 2022
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low...
Moderate
Unreviewed
CVE-2022-31883
was published
Jun 29, 2022
An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass...
High
Unreviewed
CVE-2022-29008
was published
May 12, 2022
this vulnerability affect user that even not allowed to access via the web interface. First of...
Moderate
Unreviewed
CVE-2022-23173
was published
Jul 7, 2022
Known v1.3.1 contains Insecure Direct Object Reference
Moderate
CVE-2022-30852
was published
for
idno/known
(Composer)
Jul 9, 2022
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects...
Moderate
Unreviewed
CVE-2017-20101
was published
Jun 28, 2022
Authorization Bypass in parse-path
High
CVE-2022-0624
was published
for
parse-path
(npm)
Jun 29, 2022
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object...
Moderate
Unreviewed
CVE-2022-33944
was published
Jul 21, 2022
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object...
Moderate
Unreviewed
CVE-2022-34150
was published
Jul 21, 2022
In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists...
Moderate
Unreviewed
CVE-2022-1881
was published
Jul 16, 2022
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the...
High
Unreviewed
CVE-2021-24655
was published
Jul 18, 2022
Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote...
High
Unreviewed
CVE-2022-2193
was published
Jul 20, 2022
The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from...
Moderate
Unreviewed
CVE-2022-1613
was published
Sep 27, 2022
Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master...
Moderate
Unreviewed
CVE-2021-36865
was published
Oct 1, 2022
The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP...
Moderate
Unreviewed
CVE-2022-1600
was published
Aug 2, 2022
Improper Authorization in dolibarr/dolibarr
Moderate
CVE-2022-0731
was published
for
dolibarr/dolibarr
(Composer)
Feb 24, 2022
The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the...
Moderate
Unreviewed
CVE-2022-4239
was published
Dec 26, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos...
High
Unreviewed
CVE-2022-43326
was published
Nov 29, 2022
Carinal Tien Hospital Health Report System’s login page has improper authentication, a remote...
High
Unreviewed
CVE-2021-44160
was published
Dec 30, 2021
Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR)...
Moderate
Unreviewed
CVE-2022-34621
was published
Aug 20, 2022
Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0...
Moderate
Unreviewed
CVE-2022-29434
was published
May 21, 2022
In affected versions of Octopus Server it is possible to reveal information about teams via the...
Moderate
Unreviewed
CVE-2022-2828
was published
Oct 13, 2022
ProTip!
Advisories are also available from the
GraphQL API