GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
179 advisories
HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access...
High
Unreviewed
CVE-2024-42169 was published Jan 11, 2025
In lunary-ai/lunary version 1.2.2, an incorrect synchronization vulnerability allows unprivileged...
High
Unreviewed
CVE-2024-4154 was published May 21, 2024
An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users...
High
Unreviewed
CVE-2024-4151 was published May 20, 2024
An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary...
High
Unreviewed
CVE-2024-1625 was published Apr 10, 2024
The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key...
High
Unreviewed
CVE-2024-13040 was published Dec 31, 2024
An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates)...
High
Unreviewed
CVE-2024-55506 was published Dec 19, 2024
In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass...
High
Unreviewed
CVE-2023-21131 was published Jun 15, 2023
Authorization bypass through user-controlled key vulnerability in streaming service in Synology...
High
Unreviewed
CVE-2024-4464 was published Dec 18, 2024
An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that...
High
Unreviewed
CVE-2022-1949 was published Jun 3, 2022
Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key...
High
Unreviewed
CVE-2024-42422 was published Dec 3, 2024
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized...
High
Unreviewed
CVE-2024-10855 was published Nov 20, 2024
SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized...
High
Unreviewed
CVE-2021-27700 was published Nov 13, 2024
An IDOR (Insecure Direct Object Reference) vulnerability has been discovered in AbsysNet,...
High
Unreviewed
CVE-2024-11318 was published Nov 18, 2024
The WP Project Manager – Task, team, and project management plugin featuring kanban board and...
High
Unreviewed
CVE-2024-10174 was published Nov 13, 2024
This vulnerability exists in the Wave 2.0 due to missing authorization check on certain API...
High
Unreviewed
CVE-2024-51559 was published Nov 4, 2024
An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to...
High
Unreviewed
CVE-2024-48217 was published Nov 1, 2024
An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul...
High
Unreviewed
CVE-2024-51066 was published Oct 31, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows...
High
Unreviewed
CVE-2024-37277 was published Nov 1, 2024
An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in...
High
Unreviewed
CVE-2024-7473 was published Oct 29, 2024
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege...
High
Unreviewed
CVE-2024-9637 was published Oct 26, 2024
The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors...
High
Unreviewed
CVE-2024-9215 was published Oct 17, 2024
This vulnerability exists in the Shilpi Net Back Office due to improper access controls on...
High
Unreviewed
CVE-2024-47657 was published Oct 4, 2024
An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on...
High
Unreviewed
CVE-2024-8040 was published Oct 16, 2024
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions...
High
Unreviewed
CVE-2024-9687 was published Oct 15, 2024
An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated...
High
Unreviewed
CVE-2024-47495 was published Oct 11, 2024
ProTip! Advisories are also available from the GraphQL API.