Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

892 advisories

Loading
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when... High Unreviewed
CVE-2021-21012 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the... Moderate Unreviewed
CVE-2020-36231 was published May 24, 2022
Magento Insecure Direct Object Reference (IDOR) in the product module Moderate
CVE-2021-21022 was published for magento/community-edition (Composer) May 24, 2022
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability... Moderate Unreviewed
CVE-2020-8297 was published May 24, 2022
The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete... Moderate Unreviewed
CVE-2021-24318 was published May 24, 2022
Two authorization bypass through user-controlled key vulnerabilities in the Fortinet... Moderate Unreviewed
CVE-2020-6641 was published May 24, 2022
Windows TCP/IP Driver Security Feature Bypass Vulnerability Moderate Unreviewed
CVE-2021-31970 was published May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience... Moderate Unreviewed
CVE-2021-31927 was published May 24, 2022
JetPack Exposure of Resource to Wrong Sphere Moderate
CVE-2021-24374 was published for automattic/jetpack (Composer) May 24, 2022
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object... Moderate Unreviewed
CVE-2021-35337 was published May 24, 2022
The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing... Moderate Unreviewed
CVE-2021-24473 was published May 24, 2022
Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user... High Unreviewed
CVE-2021-36801 was published May 24, 2022
The employee management page of Flygo contains Insecure Direct Object Reference (IDOR)... High Unreviewed
CVE-2021-37214 was published May 24, 2022
The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.... Moderate Unreviewed
CVE-2021-37212 was published May 24, 2022
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference... High Unreviewed
CVE-2021-22023 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... High Unreviewed
CVE-2021-36032 was published May 24, 2022
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via... Moderate Unreviewed
CVE-2021-40352 was published May 24, 2022
An insecure, direct object vulnerability in hunting/fishing license retrieval function of the ... Moderate Unreviewed
CVE-2021-33981 was published May 24, 2022
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter... High Unreviewed
CVE-2021-40355 was published May 24, 2022
A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An... Critical Unreviewed
CVE-2021-37184 was published May 24, 2022
IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain... Moderate Unreviewed
CVE-2021-29773 was published May 24, 2022
Windows Key Storage Provider Security Feature Bypass Vulnerability Moderate Unreviewed
CVE-2021-38624 was published May 24, 2022
Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin... High Unreviewed
CVE-2021-36874 was published May 24, 2022
ECOA BAS controller is vulnerable to insecure direct object references that occur when the... High Unreviewed
CVE-2021-41298 was published May 24, 2022
ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is... Critical Unreviewed
CVE-2021-41301 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database