GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,936
Maven
5,000+
npm
3,671
NuGet
642
pip
3,288
Pub
10
RubyGems
873
Rust
828
Swift
35
Unreviewed advisories
All unreviewed
5,000+
563 advisories
Filter by severity
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference...
High
Unreviewed
CVE-2021-22023
was published
May 24, 2022
The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability....
Moderate
Unreviewed
CVE-2021-37212
was published
May 24, 2022
The employee management page of Flygo contains Insecure Direct Object Reference (IDOR)...
High
Unreviewed
CVE-2021-37214
was published
May 24, 2022
Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user...
High
Unreviewed
CVE-2021-36801
was published
May 24, 2022
The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing...
Moderate
Unreviewed
CVE-2021-24473
was published
May 24, 2022
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object...
Moderate
Unreviewed
CVE-2021-35337
was published
May 24, 2022
JetPack Exposure of Resource to Wrong Sphere
Moderate
CVE-2021-24374
was published
for
automattic/jetpack
(Composer)
May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience...
Moderate
Unreviewed
CVE-2021-31927
was published
May 24, 2022
Windows TCP/IP Driver Security Feature Bypass Vulnerability
Moderate
Unreviewed
CVE-2021-31970
was published
May 24, 2022
Two authorization bypass through user-controlled key vulnerabilities in the Fortinet...
Moderate
Unreviewed
CVE-2020-6641
was published
May 24, 2022
The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete...
Moderate
Unreviewed
CVE-2021-24318
was published
May 24, 2022
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability...
Moderate
Unreviewed
CVE-2020-8297
was published
May 24, 2022
Magento Insecure Direct Object Reference (IDOR) in the product module
Moderate
CVE-2021-21022
was published
for
magento/community-edition
(Composer)
May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the...
Moderate
Unreviewed
CVE-2020-36231
was published
May 24, 2022
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when...
High
Unreviewed
CVE-2021-21012
was published
May 24, 2022
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when...
High
Unreviewed
CVE-2021-21013
was published
May 24, 2022
In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download...
Moderate
Unreviewed
CVE-2020-26178
was published
May 24, 2022
An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >=...
Moderate
Unreviewed
CVE-2020-13357
was published
May 24, 2022
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software...
Moderate
Unreviewed
CVE-2020-26068
was published
May 24, 2022
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows...
Moderate
Unreviewed
CVE-2020-27742
was published
May 24, 2022
iked in OpenIKED, as used in OpenBSD through 6.7, allows authentication bypass because ca.c has...
Critical
Unreviewed
CVE-2020-16088
was published
May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles...
Moderate
Unreviewed
CVE-2020-14174
was published
May 24, 2022
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code...
High
Unreviewed
CVE-2019-15310
was published
May 24, 2022
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation
High
CVE-2020-13700
was published
for
airesvsg/acf-to-rest-api
(Composer)
May 24, 2022
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote...
Moderate
Unreviewed
CVE-2020-13998
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API