Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

892 advisories

Loading
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.1. Moderate Unreviewed
CVE-2022-2824 was published Aug 16, 2022
Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7... Unknown Unreviewed
CVE-2022-2730 was published Aug 10, 2022
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to... High Unreviewed
CVE-2022-2367 was published Aug 9, 2022
An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0... Moderate Unreviewed
CVE-2022-2499 was published Aug 6, 2022
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0... Moderate Unreviewed
CVE-2022-36284 was published Aug 6, 2022
Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the... Moderate Unreviewed
CVE-2022-34769 was published Aug 6, 2022
The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP... Moderate Unreviewed
CVE-2022-1600 was published Aug 2, 2022
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object... Moderate Unreviewed
CVE-2022-33944 was published Jul 21, 2022
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object... Moderate Unreviewed
CVE-2022-34150 was published Jul 21, 2022
Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote... High Unreviewed
CVE-2022-2193 was published Jul 20, 2022
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the... High Unreviewed
CVE-2021-24655 was published Jul 18, 2022
In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists... Moderate Unreviewed
CVE-2022-1881 was published Jul 16, 2022
Known v1.3.1 contains Insecure Direct Object Reference Moderate
CVE-2022-30852 was published for idno/known (Composer) Jul 9, 2022
this vulnerability affect user that even not allowed to access via the web interface. First of... Moderate Unreviewed
CVE-2022-23173 was published Jul 7, 2022
Authorization Bypass in parse-path High
CVE-2022-0624 was published for parse-path (npm) Jun 29, 2022
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low... Moderate Unreviewed
CVE-2022-31883 was published Jun 29, 2022
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects... Moderate Unreviewed
CVE-2017-20101 was published Jun 28, 2022
The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP... High Unreviewed
CVE-2022-1614 was published Jun 21, 2022
An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated... High Unreviewed
CVE-2022-31295 was published Jun 17, 2022
The iQ Block Country WordPress plugin through 1.2.13 does not properly checks HTTP headers in... High Unreviewed
CVE-2022-1762 was published Jun 14, 2022
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016... Moderate Unreviewed
CVE-2022-30760 was published Jun 10, 2022
Authorization Bypass Through User-Controlled Key in go-restful Critical
CVE-2022-1996 was published for github.com/emicklei/go-restful (Go) Jun 9, 2022
hiddeco
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator Moderate
CVE-2022-31027 was published for oauthenticator (pip) Jun 6, 2022
GeorgianaElena yuvipanda
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to... Moderate Unreviewed
CVE-2022-29627 was published Jun 3, 2022
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that... High Unreviewed
CVE-2022-1949 was published Jun 3, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database