GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
456 advisories
Filter by severity
Authorization Bypass Through User-Controlled Key vulnerability in Blaz K. Rate my Post – WP...
Moderate
Unreviewed
CVE-2023-49765
was published
Dec 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress...
Moderate
Unreviewed
CVE-2023-47191
was published
Dec 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully...
High
Unreviewed
CVE-2023-35916
was published
Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions...
High
Unreviewed
CVE-2023-35914
was published
Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial...
Moderate
Unreviewed
CVE-2023-36520
was published
Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square...
High
Unreviewed
CVE-2023-35876
was published
Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart...
Moderate
Unreviewed
CVE-2023-41796
was published
Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments –...
Low
Unreviewed
CVE-2023-46311
was published
Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce GoCardless.This...
High
Unreviewed
CVE-2023-37871
was published
Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Jordy Meow Photo Engine (Media...
Moderate
Unreviewed
CVE-2023-38513
was published
Dec 20, 2023
EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object...
High
Unreviewed
CVE-2023-6929
was published
Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects...
Moderate
Unreviewed
CVE-2022-43450
was published
Dec 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap...
Moderate
Unreviewed
CVE-2023-49812
was published
Dec 19, 2023
Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to...
Moderate
Unreviewed
CVE-2023-46701
was published
Dec 12, 2023
Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference...
High
Unreviewed
CVE-2023-48641
was published
Dec 12, 2023
Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view...
Moderate
Unreviewed
CVE-2023-6341
was published
Nov 30, 2023
The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure...
Moderate
Unreviewed
CVE-2023-6226
was published
Nov 28, 2023
OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that...
High
Unreviewed
CVE-2023-49298
was published
Nov 24, 2023
SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a...
Moderate
Unreviewed
CVE-2023-33706
was published
Nov 24, 2023
Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows...
Moderate
Unreviewed
CVE-2023-47316
was published
Nov 22, 2023
Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an...
Critical
Unreviewed
CVE-2023-6144
was published
Nov 21, 2023
An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of...
High
Unreviewed
CVE-2023-38884
was published
Nov 20, 2023
Insecure Direct Object References (IDOR) in EMSigner v2.8.7 allow attackers to gain unauthorized...
Moderate
Unreviewed
CVE-2023-43900
was published
Nov 14, 2023
In the module "Order Duplicator " Clone and Delete Existing Order" (orderduplicate) in version <=...
High
Unreviewed
CVE-2023-45380
was published
Nov 8, 2023
NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal...
Moderate
Unreviewed
CVE-2023-41356
was published
Nov 3, 2023
ProTip!
Advisories are also available from the
GraphQL API