GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,239
Erlang: 31
GitHub Actions: 21
Go: 2,007
Maven: 5,000+
npm: 3,716
NuGet: 662
pip: 3,388
Pub: 11
RubyGems: 885
Rust: 851
Swift: 36

Unreviewed advisories
All unreviewed: 5,000+

191 advisories

An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted...
High | Unreviewed | CVE-2023-46478 was published Oct 31, 2023

Adversary-induced keystream re-use on TETRA air-interface encrypted traffic using any TEA...
High | Unreviewed | CVE-2022-24401 was published Oct 19, 2023

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier)...
High | Unreviewed | CVE-2023-38218 was published Oct 13, 2023

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
High | Unreviewed | CVE-2023-4934 was published Sep 27, 2023

Sensitive information disclosure and manipulation due to improper authorization. The following...
High | Unreviewed | CVE-2023-44206 was published Sep 27, 2023

The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecure Direct Object...
High | Unreviewed | CVE-2023-4213 was published Sep 13, 2023

SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to...
High | Unreviewed | CVE-2020-10130 was published Sep 6, 2023

Keylime registrar and (untrusted) Agent can be bypassed by an attacker
High | CVE-2023-38201 was published for keylime (pip) Sep 6, 2023

Netmaker IDOR Allows User to Update Other User's Password
High | CVE-2023-32078 was published for github.com/gravitl/netmaker (Go) Aug 25, 2023

An issue was discovered in Tigergraph Enterprise 3.7.0. There is unsecured write access to SSH...
High | Unreviewed | CVE-2023-28481 was published Aug 14, 2023

Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a...
High | Unreviewed | CVE-2023-37543 was published Aug 10, 2023

Iagona ScrutisWeb versions 2.1.37 and prior are vulnerable to an insecure direct object reference...
High | Unreviewed | CVE-2023-38257 was published Jul 18, 2023

The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in...
High | Unreviewed | CVE-2023-3105 was published Jul 12, 2023

The Getnet Argentina para Woocommerce plugin for WordPress is vulnerable to authorization bypass...
High | Unreviewed | CVE-2023-3525 was published Jul 12, 2023

An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24...
High | Unreviewed | CVE-2023-0985 was published Jul 6, 2023

NGINX Management Suite may allow an authenticated attacker to gain access to configuration...
High | Unreviewed | CVE-2023-28656 was published Jul 6, 2023

Algan Yazılım Prens Student Information System product has an authenticated Insecure Direct...
High | Unreviewed | CVE-2022-2808 was published Jul 6, 2023

Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz...
High | Unreviewed | CVE-2022-43492 was published Jul 6, 2023

Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker...
High | Unreviewed | CVE-2022-42175 was published Jul 5, 2023

The Tutor LMS WordPress plugin before 2.2.1 does not implement adequate permission checks for...
High | Unreviewed | CVE-2023-3133 was published Jul 4, 2023

The SP Project & Document Manager plugin for WordPress is vulnerable to Insecure Direct Object...
High | Unreviewed | CVE-2023-3063 was published Jun 30, 2023

Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket...
High | Unreviewed | CVE-2023-23679 was published Jun 23, 2023

Unauth. IDOR vulnerability leading to PII Disclosure in WooCommerce Stripe Payment Gateway plugin...
High | Unreviewed | CVE-2023-34000 was published Jun 14, 2023

An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid...
High | Unreviewed | CVE-2021-33223 was published Jun 7, 2023

Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low...
High | Unreviewed | CVE-2023-3066 was published Jun 5, 2023