GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
536 advisories
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, remote attackers can bypass...
Critical | Unreviewed | CVE-2019-13360 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can...
High | Unreviewed | CVE-2019-13605 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows...
High | Unreviewed | CVE-2019-14724 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows...
Moderate | Unreviewed | CVE-2019-14721 was published May 24, 2022
Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files...
High | Unreviewed | CVE-2021-43957 was published Mar 17, 2022
WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access...
Moderate | Unreviewed | CVE-2022-26254 was published Mar 28, 2022
Insecure direct object reference in SUNNY TRIPOWER 5.0 Firmware version 3.10.16.R leads to...
High | Unreviewed | CVE-2021-46416 was published Apr 8, 2022
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony...
Moderate | Unreviewed | CVE-2022-27108 was published Apr 7, 2022
The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP,...
Critical | Unreviewed | CVE-2022-1165 was published Apr 5, 2022
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an...
Moderate | Unreviewed | CVE-2022-29287 was published Apr 17, 2022
An Insecure Direct Object Reference issue exists in the Tyler Odyssey platform before 17.1.20....
High | Unreviewed | CVE-2022-26665 was published Apr 19, 2022
The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from...
High | Unreviewed | CVE-2022-24187 was published Nov 29, 2022
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to...
Moderate | Unreviewed | CVE-2022-1461 was published Apr 26, 2022
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6...
High | Unreviewed | CVE-2022-1459 was published Apr 26, 2022
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to...
Moderate | Unreviewed | CVE-2021-24800 was published Apr 26, 2022
The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions...
Moderate | Unreviewed | CVE-2022-3995 was published Nov 29, 2022
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to...
High | Unreviewed | CVE-2021-24739 was published Dec 22, 2021
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when...
High | Unreviewed | CVE-2021-21012 was published May 24, 2022
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR ...
Critical | Unreviewed | CVE-2022-30495 was published May 27, 2022
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to...
Moderate | Unreviewed | CVE-2022-29627 was published Jun 3, 2022
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when...
High | Unreviewed | CVE-2021-21013 was published May 24, 2022
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016...
Moderate | Unreviewed | CVE-2022-30760 was published Jun 10, 2022
The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP...
High | Unreviewed | CVE-2022-1614 was published Jun 21, 2022
An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated...
High | Unreviewed | CVE-2022-31295 was published Jun 17, 2022
Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability. A low...
Moderate | Unreviewed | CVE-2022-31883 was published Jun 29, 2022
ProTip! Advisories are also available from the GraphQL API.