GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+
605 advisories
Filter by severity
Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote...
High
Unreviewed
CVE-2022-2193
was published
Jul 20, 2022
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the...
High
Unreviewed
CVE-2021-24655
was published
Jul 18, 2022
In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists...
Moderate
Unreviewed
CVE-2022-1881
was published
Jul 16, 2022
Known v1.3.1 contains Insecure Direct Object Reference
Moderate
CVE-2022-30852
was published
for
idno/known
(Composer)
Jul 9, 2022
this vulnerability affect user that even not allowed to access via the web interface. First of...
Moderate
Unreviewed
CVE-2022-23173
was published
Jul 7, 2022
Authorization Bypass in parse-path
High
CVE-2022-0624
was published
for
parse-path
(npm)
Jun 29, 2022
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low...
Moderate
Unreviewed
CVE-2022-31883
was published
Jun 29, 2022
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects...
Moderate
Unreviewed
CVE-2017-20101
was published
Jun 28, 2022
The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP...
High
Unreviewed
CVE-2022-1614
was published
Jun 21, 2022
An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated...
High
Unreviewed
CVE-2022-31295
was published
Jun 17, 2022
The iQ Block Country WordPress plugin through 1.2.13 does not properly checks HTTP headers in...
High
Unreviewed
CVE-2022-1762
was published
Jun 14, 2022
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016...
Moderate
Unreviewed
CVE-2022-30760
was published
Jun 10, 2022
Authorization Bypass Through User-Controlled Key in go-restful
Critical
CVE-2022-1996
was published
for
github.com/emicklei/go-restful
(Go)
Jun 9, 2022
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator
Moderate
CVE-2022-31027
was published
for
oauthenticator
(pip)
Jun 6, 2022
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to...
Moderate
Unreviewed
CVE-2022-29627
was published
Jun 3, 2022
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR ...
Critical
Unreviewed
CVE-2022-30495
was published
May 27, 2022
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for...
High
Unreviewed
CVE-2021-24562
was published
May 24, 2022
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR)...
Moderate
Unreviewed
CVE-2021-37215
was published
May 24, 2022
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability....
Moderate
Unreviewed
CVE-2021-37213
was published
May 24, 2022
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can...
Moderate
Unreviewed
CVE-2019-12252
was published
May 24, 2022
Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9...
High
Unreviewed
CVE-2021-24892
was published
May 24, 2022
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to...
Moderate
Unreviewed
CVE-2021-3380
was published
May 24, 2022
The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the...
Moderate
Unreviewed
CVE-2021-24840
was published
May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to...
High
Unreviewed
CVE-2021-41306
was published
May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to...
High
Unreviewed
CVE-2021-41305
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API