GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
299 advisories
Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider...
Moderate | Unreviewed | CVE-2024-33542 was published Apr 29, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This...
Moderate | Unreviewed | CVE-2024-32772 was published Apr 24, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This...
Moderate | Unreviewed | CVE-2024-32808 was published Apr 24, 2024

Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP...
Moderate | Unreviewed | CVE-2024-32823 was published Apr 24, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review. This...
Moderate | Unreviewed | CVE-2024-32683 was published Apr 19, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Plechev Andrey WP-Recall. This...
Moderate | Unreviewed | CVE-2024-32604 was published Apr 18, 2024

A potential security vulnerability has been identified in HPE FlexFabric and FlexNetwork series...
Moderate | Unreviewed | CVE-2024-22439 was published Apr 15, 2024

An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive...
Moderate | Unreviewed | CVE-2023-51141 was published Apr 11, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This...
Moderate | Unreviewed | CVE-2024-31291 was published Apr 7, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress...
Moderate | Unreviewed | CVE-2024-31296 was published Apr 7, 2024

Authorization Bypass Through User-Controlled Key vulnerability in UPQODE Whizz. This issue affects...
Moderate | Unreviewed | CVE-2024-30543 was published Mar 31, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid. This...
Moderate | Unreviewed | CVE-2024-30513 was published Mar 29, 2024

Improper authorization in the report management and creation module of BMC Control-M branches 9.0...
Moderate | Unreviewed | CVE-2024-1604 was published Mar 18, 2024

An authorization bypass was discovered in the Carrier MASmobile Classic application through 1.16...
Moderate | Unreviewed | CVE-2023-36483 was published Mar 16, 2024

Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to...
Moderate | Unreviewed | CVE-2023-49339 was published Feb 13, 2024

The MapPress Maps for WordPress plugin before 2.88.16 does not ensure that posts to be retrieve...
Moderate | Unreviewed | CVE-2024-0421 was published Feb 12, 2024

The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct...
Moderate | Unreviewed | CVE-2024-0366 was published Feb 6, 2024

The Display custom fields in the frontend – Post and User Profile Fields plugin for WordPress is...
Moderate | Unreviewed | CVE-2023-6983 was published Feb 6, 2024

The Relevanssi WordPress plugin before 4.22.0, Relevanssi Premium WordPress plugin before 2.25.0...
Moderate | Unreviewed | CVE-2023-7199 was published Jan 29, 2024

The WP User Profile Avatar WordPress plugin before 1.0.1 does not properly check for...
Moderate | Unreviewed | CVE-2023-6384 was published Jan 22, 2024

Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige...
Moderate | Unreviewed | CVE-2024-0580 was published Jan 18, 2024

Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience...
Moderate | Unreviewed | CVE-2023-7031 was published Jan 17, 2024

An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via...
Moderate | Unreviewed | CVE-2023-36235 was published Jan 17, 2024

The WP Customer Area WordPress plugin before 8.2.1 does not properly validates user capabilities...
Moderate | Unreviewed | CVE-2023-6824 was published Jan 16, 2024

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all...
Moderate | Unreviewed | CVE-2023-6223 was published Jan 11, 2024
ProTip! Advisories are also available from the GraphQL API.