Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+

192 advisories

Loading
The User Activity WordPress plugin through 1.0.1 checks headers such as the X-Forwarded-For to... High Unreviewed
CVE-2022-4550 was published Feb 27, 2023
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. The program uses a fixed... High Unreviewed
CVE-2023-25403 was published Mar 4, 2023
The WooCommerce Multiple Customer Addresses & Shipping WordPress plugin before 21.7 does not... High Unreviewed
CVE-2023-0865 was published Mar 20, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information... High Unreviewed
CVE-2023-1462 was published Mar 21, 2023
Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the... High Unreviewed
CVE-2023-28686 was published Mar 24, 2023
An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the... High Unreviewed
CVE-2023-26984 was published Mar 29, 2023
The listed versions of Nexx Smart Home devices lack proper access control when executing actions.... High Unreviewed
CVE-2023-1750 was published Apr 4, 2023
An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11... High Unreviewed
CVE-2018-17455 was published Apr 16, 2023
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before... High Unreviewed
CVE-2018-17449 was published Apr 16, 2023
Improper Authorization of Index Containing Sensitive Information in GitHub repository alfio-event... High Unreviewed
CVE-2023-2260 was published Apr 24, 2023
The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in... High Unreviewed
CVE-2023-2548 was published May 16, 2023
Missing Authorization in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. High Unreviewed
CVE-2023-2844 was published May 23, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition... High Unreviewed
CVE-2023-2702 was published May 23, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo... High Unreviewed
CVE-2023-2065 was published May 24, 2023
Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows... High Unreviewed
CVE-2023-2883 was published May 25, 2023
DataEase API interface has IDOR vulnerability High
CVE-2023-32310 was published for io.dataease:dataease-plugin-common (Maven) Jun 2, 2023
lujiefsi
Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low... High Unreviewed
CVE-2023-3066 was published Jun 5, 2023
An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid... High Unreviewed
CVE-2021-33223 was published Jun 7, 2023
Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin... High Unreviewed
CVE-2023-34000 was published Jun 14, 2023
Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket... High Unreviewed
CVE-2023-23679 was published Jun 23, 2023
The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object... High Unreviewed
CVE-2023-3063 was published Jun 30, 2023
The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for... High Unreviewed
CVE-2023-3133 was published Jul 4, 2023
Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker... High Unreviewed
CVE-2022-42175 was published Jul 5, 2023
Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz... High Unreviewed
CVE-2022-43492 was published Jul 6, 2023
Algan Yazılım Prens Student Information System product has an authenticated Insecure Direct... High Unreviewed
CVE-2022-2808 was published Jul 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database