Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,198
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,702
NuGet
660
pip
3,328
Pub
11
RubyGems
883
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

605 advisories

Loading
An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting... High Unreviewed
CVE-2024-5131 was published Jun 6, 2024
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-5438 was published Jun 7, 2024
Authorization Bypass Through User-Controlled Key vulnerability in KiviCare.This issue affects... Moderate Unreviewed
CVE-2024-35659 was published Jun 8, 2024
@strapi/plugin-content-manager leaks data via relations via the Admin Panel Low
CVE-2024-29181 was published for @strapi/plugin-content-manager (npm) Jun 12, 2024
felixdkatt derrickmehaffy
Bassel17 christiancp100
Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any ... Moderate Unreviewed
CVE-2023-49112 was published Jun 20, 2024
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference... Moderate Unreviewed
CVE-2024-5639 was published Jun 21, 2024
events2 TYPO3 extension insecure direct object reference (IDOR) vulnerability Moderate
CVE-2024-38874 was published for jweiland/events2 (Composer) Jun 21, 2024
iusx
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all... Moderate Unreviewed
CVE-2024-4874 was published Jun 22, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS... High Unreviewed
CVE-2024-1107 was published Jun 27, 2024
The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in... Moderate Unreviewed
CVE-2024-5942 was published Jun 29, 2024
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify... Moderate Unreviewed
CVE-2024-31898 was published Jun 30, 2024
Missing key verification in gost Critical
CVE-2024-39223 was published for github.com/ginuerzh/gost (Go) Jul 3, 2024
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes High
CVE-2024-39321 was published for github.com/traefik/traefik/v2 (Go) Jul 5, 2024
MWedl
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to... High Unreviewed
CVE-2023-38047 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38050 was published Jul 9, 2024
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user ... High Unreviewed
CVE-2023-3288 was published Jul 9, 2024
A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment... High Unreviewed
CVE-2023-3285 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38048 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38054 was published Jul 9, 2024
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged... Critical Unreviewed
CVE-2023-3287 was published Jul 9, 2024
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged... Moderate Unreviewed
CVE-2023-3290 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch,... Critical Unreviewed
CVE-2023-38052 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38055 was published Jul 9, 2024
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged... High Unreviewed
CVE-2023-3286 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to... Critical Unreviewed
CVE-2023-38053 was published Jul 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database