GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
49 advisories
Filter by severity
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability...
Critical
Unreviewed
CVE-2024-7474
was published
Oct 29, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege...
Critical
Unreviewed
CVE-2024-50483
was published
Oct 28, 2024
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for...
Critical
Unreviewed
CVE-2024-9263
was published
Oct 17, 2024
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary...
Critical
Unreviewed
CVE-2024-9862
was published
Oct 17, 2024
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via...
Critical
Unreviewed
CVE-2024-8485
was published
Sep 25, 2024
The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin...
Critical
Unreviewed
CVE-2024-8791
was published
Sep 24, 2024
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties...
Critical
Unreviewed
CVE-2024-46937
was published
Sep 16, 2024
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the...
Critical
Unreviewed
CVE-2024-27113
was published
Sep 11, 2024
A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5),...
Critical
Unreviewed
CVE-2024-45032
was published
Sep 10, 2024
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to...
Critical
Unreviewed
CVE-2024-8292
was published
Sep 6, 2024
Insecure Permissions vulnerability in Friendica v.2023.12 allows a remote attacker to obtain...
Critical
Unreviewed
CVE-2024-27730
was published
Aug 15, 2024
Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer...
Critical
Unreviewed
CVE-2024-5619
was published
Jul 18, 2024
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38050
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38053
was published
Jul 9, 2024
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged...
Critical
Unreviewed
CVE-2023-3287
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged...
Critical
Unreviewed
CVE-2023-38049
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38054
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user...
Critical
Unreviewed
CVE-2023-38051
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch,...
Critical
Unreviewed
CVE-2023-38052
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38048
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38055
was published
Jul 9, 2024
An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary,...
Critical
Unreviewed
CVE-2024-5128
was published
Jun 6, 2024
ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man...
Critical
Unreviewed
CVE-2019-19755
was published
Apr 30, 2024
An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially...
Critical
Unreviewed
CVE-2024-33668
was published
Apr 26, 2024
In TOTOLINK EX200 V4.0.3c.7314_B20191204, an attacker can obtain the configuration file without...
Critical
Unreviewed
CVE-2024-31815
was published
Apr 8, 2024
ProTip!
Advisories are also available from the
GraphQL API