Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

292 advisories

Loading
Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects... Moderate Unreviewed
CVE-2024-38701 was published Jul 22, 2024
On versions before 2.1.4, after a regular user successfully logs in, they can manually make a... Moderate Unreviewed
CVE-2024-34457 was published Jul 22, 2024
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-5977 was published Jul 19, 2024
NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the... Moderate Unreviewed
CVE-2024-38446 was published Jul 17, 2024
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and... Moderate Unreviewed
CVE-2024-21759 was published Jul 9, 2024
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged... Moderate Unreviewed
CVE-2023-3290 was published Jul 9, 2024
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify... Moderate Unreviewed
CVE-2024-31898 was published Jun 30, 2024
The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in... Moderate Unreviewed
CVE-2024-5942 was published Jun 29, 2024
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all... Moderate Unreviewed
CVE-2024-4874 was published Jun 22, 2024
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference... Moderate Unreviewed
CVE-2024-5639 was published Jun 21, 2024
Kiuwan provides an API endpoint /saas/rest/v1/info/application to get information about any ... Moderate Unreviewed
CVE-2023-49112 was published Jun 20, 2024
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity... Moderate Unreviewed
CVE-2024-33373 was published Jun 14, 2024
Authorization Bypass Through User-Controlled Key vulnerability in KiviCare.This issue affects... Moderate Unreviewed
CVE-2024-35659 was published Jun 8, 2024
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-5438 was published Jun 7, 2024
The contains an IDOR vulnerability that allows a user to comment on a private post by... Moderate Unreviewed
CVE-2024-4886 was published Jun 5, 2024
An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11... Moderate Unreviewed
CVE-2024-5258 was published May 23, 2024
An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across... Moderate Unreviewed
CVE-2024-5166 was published May 22, 2024
ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct... Moderate Unreviewed
CVE-2024-4843 was published May 16, 2024
Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress... Moderate Unreviewed
CVE-2024-34383 was published May 6, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider... Moderate Unreviewed
CVE-2024-33542 was published Apr 29, 2024
Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP... Moderate Unreviewed
CVE-2024-32823 was published Apr 24, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This... Moderate Unreviewed
CVE-2024-32772 was published Apr 24, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This... Moderate Unreviewed
CVE-2024-32808 was published Apr 24, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review.This... Moderate Unreviewed
CVE-2024-32683 was published Apr 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Plechev Andrey WP-Recall.This... Moderate Unreviewed
CVE-2024-32604 was published Apr 18, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database