Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,951
Erlang
39
GitHub Actions
38
Go
2,607
Maven
5,000+
npm
4,251
NuGet
757
pip
4,017
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

961 advisories

Loading
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object... Moderate Unreviewed
CVE-2022-33944 was published Jul 21, 2022
Authorization Bypass in parse-path High
CVE-2022-0624 was published for parse-path (npm) Jun 29, 2022
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects... Moderate Unreviewed
CVE-2017-20101 was published Jun 28, 2022
Known v1.3.1 contains Insecure Direct Object Reference Moderate
CVE-2022-30852 was published for idno/known (Composer) Jul 9, 2022
this vulnerability affect user that even not allowed to access via the web interface. First of... Moderate Unreviewed
CVE-2022-23173 was published Jul 7, 2022
An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass... High Unreviewed
CVE-2022-29008 was published May 12, 2022
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low... Moderate Unreviewed
CVE-2022-31883 was published Jun 29, 2022
An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated... High Unreviewed
CVE-2022-31295 was published Jun 17, 2022
The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP... High Unreviewed
CVE-2022-1614 was published Jun 21, 2022
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016... Moderate Unreviewed
CVE-2022-30760 was published Jun 10, 2022
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when... High Unreviewed
CVE-2021-21013 was published May 24, 2022
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to... Moderate Unreviewed
CVE-2022-29627 was published Jun 3, 2022
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR ... Critical Unreviewed
CVE-2022-30495 was published May 27, 2022
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator Moderate
CVE-2022-31027 was published for oauthenticator (pip) Jun 6, 2022
GeorgianaElena yuvipanda
Credited to GeorgianaElena and yuvipanda
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when... High Unreviewed
CVE-2021-21012 was published May 24, 2022
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to... High Unreviewed
CVE-2021-24739 was published Dec 22, 2021
The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions... Moderate Unreviewed
CVE-2022-3995 was published Nov 29, 2022
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to... Moderate Unreviewed
CVE-2021-24800 was published Apr 26, 2022
Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6... High Unreviewed
CVE-2022-1459 was published Apr 26, 2022
Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to... Moderate Unreviewed
CVE-2022-1461 was published Apr 26, 2022
The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from... High Unreviewed
CVE-2022-24187 was published Nov 29, 2022
An Insecure Direct Object Reference issue exists in the Tyler Odyssey platform before 17.1.20.... High Unreviewed
CVE-2022-26665 was published Apr 19, 2022
Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. It allows an... Moderate Unreviewed
CVE-2022-29287 was published Apr 17, 2022
The Blackhole for Bad Bots WordPress plugin before 3.3.2 uses headers such as CF-CONNECTING-IP,... Critical Unreviewed
CVE-2022-1165 was published Apr 5, 2022
OrangeHRM 4.10 is vulnerable to Insecure Direct Object Reference (IDOR) via the end point symfony... Moderate Unreviewed
CVE-2022-27108 was published Apr 7, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database