Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+

191 advisories

Loading
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized... High Unreviewed
CVE-2024-10855 was published Nov 20, 2024
An IDOR (Insecure Direct Object Reference) vulnerability has been discovered in AbsysNet,... High Unreviewed
CVE-2024-11318 was published Nov 18, 2024
The WP Project Manager – Task, team, and project management plugin featuring kanban board and... High Unreviewed
CVE-2024-10174 was published Nov 13, 2024
SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized... High Unreviewed
CVE-2021-27700 was published Nov 13, 2024
This vulnerability exists in the Wave 2.0 due to missing authorization check on certain API... High Unreviewed
CVE-2024-51559 was published Nov 4, 2024
An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to... High Unreviewed
CVE-2024-48217 was published Nov 1, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows... High Unreviewed
CVE-2024-37277 was published Nov 1, 2024
An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul... High Unreviewed
CVE-2024-51066 was published Oct 31, 2024
An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in... High Unreviewed
CVE-2024-7473 was published Oct 29, 2024
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege... High Unreviewed
CVE-2024-9637 was published Oct 26, 2024
The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors... High Unreviewed
CVE-2024-9215 was published Oct 17, 2024
An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on... High Unreviewed
CVE-2024-8040 was published Oct 16, 2024
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions... High Unreviewed
CVE-2024-9687 was published Oct 15, 2024
An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated... High Unreviewed
CVE-2024-47495 was published Oct 11, 2024
This vulnerability exists in the Shilpi Net Back Office due to improper access controls on... High Unreviewed
CVE-2024-47657 was published Oct 4, 2024
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible... High Unreviewed
CVE-2024-8290 was published Sep 25, 2024
Next.js Cache Poisoning High
CVE-2024-46982 was published for next (npm) Sep 17, 2024
Sentry improperly authorizes muting of alert rules High
CVE-2024-45606 was published for sentry (pip) Sep 17, 2024
emanuelbeni
Sentry improperly authorizes deletion of user issue alert notifications High
CVE-2024-45605 was published for sentry (pip) Sep 17, 2024
javeedsk8341
Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub... High Unreviewed
CVE-2024-3306 was published Sep 12, 2024
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its... High Unreviewed
CVE-2024-45786 was published Sep 11, 2024
This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to... High Unreviewed
CVE-2024-8601 was published Sep 9, 2024
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege... High Unreviewed
CVE-2024-8428 was published Sep 6, 2024
A bug in the 9p authentication implementation within lib9p allows an attacker with an existing... High Unreviewed
CVE-2024-8158 was published Aug 26, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe... High Unreviewed
CVE-2024-43315 was published Aug 19, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database