GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
49 advisories
Filter by severity
TLR-2005KSH is affected by an incorrect access control vulnerability. THe PUT method is enabled...
Critical
Unreviewed
CVE-2021-45428
was published
Jan 4, 2022
The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP,...
Critical
Unreviewed
CVE-2022-1165
was published
Apr 5, 2022
An unauthenticated Insecure Direct Object Reference (IDOR) in Wicket Core in LogonBox Nervepoint...
Critical
Unreviewed
CVE-2019-6716
was published
May 13, 2022
An issue was discovered in GitLab Community and Enterprise Edition 10.x (starting from 10.8) and...
Critical
Unreviewed
CVE-2019-9756
was published
May 13, 2022
An Insecure Direct Object Reference, with Authorization Bypass through a User-Controlled Key, was...
Critical
Unreviewed
CVE-2019-12866
was published
May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass...
Critical
Unreviewed
CVE-2019-13360
was published
May 24, 2022
An issue was discovered in the Popup Maker plugin before 1.8.13 for WordPress. An unauthenticated...
Critical
Unreviewed
CVE-2019-17574
was published
May 24, 2022
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has...
Critical
Unreviewed
CVE-2020-16088
was published
May 24, 2022
A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An...
Critical
Unreviewed
CVE-2021-37184
was published
May 24, 2022
ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is...
Critical
Unreviewed
CVE-2021-41301
was published
May 24, 2022
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR ...
Critical
Unreviewed
CVE-2022-30495
was published
May 27, 2022
An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change...
Critical
Unreviewed
CVE-2022-38789
was published
Sep 16, 2022
RSFirewall tries to identify the original IP address by looking at different HTTP headers. A...
Critical
Unreviewed
CVE-2021-4226
was published
Dec 15, 2022
The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to an unsecure...
Critical
Unreviewed
CVE-2023-0558
was published
Jan 28, 2023
Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by...
Critical
Unreviewed
CVE-2023-2713
was published
May 20, 2023
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR...
Critical
Unreviewed
CVE-2022-36247
was published
May 30, 2023
Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows...
Critical
Unreviewed
CVE-2023-3048
was published
Jun 13, 2023
Vulnerability of commands from the modem being intercepted in the atcmdserver module. Attackers...
Critical
Unreviewed
CVE-2023-37242
was published
Jul 6, 2023
EasyTor Applications – Authorization Bypass - EasyTor Applications may allow authorization...
Critical
Unreviewed
CVE-2023-31182
was published
Jul 6, 2023
The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is...
Critical
Unreviewed
CVE-2023-2276
was published
Jul 6, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows...
Critical
Unreviewed
CVE-2023-2958
was published
Jul 17, 2023
Lost and Found Information System 1.0 allows account takeover via username and password to a ...
Critical
Unreviewed
CVE-2023-38965
was published
Nov 3, 2023
Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an...
Critical
Unreviewed
CVE-2023-6144
was published
Nov 21, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Ricard Torres Thumbs Rating...
Critical
Unreviewed
CVE-2024-31095
was published
Mar 31, 2024
In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without...
Critical
Unreviewed
CVE-2024-31815
was published
Apr 8, 2024
ProTip!
Advisories are also available from the
GraphQL API