GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
892 advisories
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR ...
Critical | Unreviewed | CVE-2022-30495 was published May 27, 2022

The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for...
High | Unreviewed | CVE-2021-24562 was published May 24, 2022

The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR)...
Moderate | Unreviewed | CVE-2021-37215 was published May 24, 2022

The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability....
Moderate | Unreviewed | CVE-2021-37213 was published May 24, 2022

In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can...
Moderate | Unreviewed | CVE-2019-12252 was published May 24, 2022

Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9...
High | Unreviewed | CVE-2021-24892 was published May 24, 2022

Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to...
Moderate | Unreviewed | CVE-2021-3380 was published May 24, 2022

The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the...
Moderate | Unreviewed | CVE-2021-24840 was published May 24, 2022

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to...
High | Unreviewed | CVE-2021-41305 was published May 24, 2022

Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to...
High | Unreviewed | CVE-2021-41306 was published May 24, 2022

Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers...
High | Unreviewed | CVE-2021-41307 was published May 24, 2022

Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU...
High | Unreviewed | CVE-2021-20599 was published May 24, 2022

In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through...
High | Unreviewed | CVE-2021-36388 was published May 24, 2022

In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an...
High | Unreviewed | CVE-2021-36389 was published May 24, 2022

In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed...
Moderate | Unreviewed | CVE-2021-36387 was published May 24, 2022

In all versions of GitLab EE since version 14.1, due to an insecure direct object reference...
Moderate | Unreviewed | CVE-2021-39889 was published May 24, 2022

Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by...
High | Unreviewed | CVE-2021-37777 was published May 24, 2022

ECOA BAS controller is vulnerable to insecure direct object references that occur when the...
High | Unreviewed | CVE-2021-41298 was published May 24, 2022

ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is...
Critical | Unreviewed | CVE-2021-41301 was published May 24, 2022

Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin...
High | Unreviewed | CVE-2021-36874 was published May 24, 2022

Windows Key Storage Provider Security Feature Bypass Vulnerability
Moderate | Unreviewed | CVE-2021-38624 was published May 24, 2022

IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain...
Moderate | Unreviewed | CVE-2021-29773 was published May 24, 2022

A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An...
Critical | Unreviewed | CVE-2021-37184 was published May 24, 2022

A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter...
High | Unreviewed | CVE-2021-40355 was published May 24, 2022

An insecure, direct object vulnerability in hunting/fishing license retrieval function of the ...
Moderate | Unreviewed | CVE-2021-33981 was published May 24, 2022