GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
620 advisories
Filter by severity
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users
Moderate
CVE-2024-43438
was published
for
moodle/moodle
(Composer)
Nov 7, 2024
This vulnerability exists in the Wave 2.0 due to missing authorization check on certain API...
High
Unreviewed
CVE-2024-51559
was published
Nov 4, 2024
An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to...
High
Unreviewed
CVE-2024-48217
was published
Nov 1, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows...
High
Unreviewed
CVE-2024-37277
was published
Nov 1, 2024
A vulnerability has been found in TOTOLINK LR350 up to 9.3.5u.6369 and classified as critical....
Moderate
Unreviewed
CVE-2024-10654
was published
Nov 1, 2024
An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul...
High
Unreviewed
CVE-2024-51066
was published
Oct 31, 2024
The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is...
Moderate
Unreviewed
CVE-2024-9700
was published
Oct 31, 2024
Grafana org admin can delete pending invites in different org
Low
CVE-2024-10452
was published
for
github.com/grafana/grafana
(Go)
Oct 29, 2024
An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in...
High
Unreviewed
CVE-2024-7473
was published
Oct 29, 2024
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability...
Critical
Unreviewed
CVE-2024-7474
was published
Oct 29, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege...
Critical
Unreviewed
CVE-2024-50483
was published
Oct 28, 2024
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing...
Moderate
Unreviewed
CVE-2024-10439
was published
Oct 28, 2024
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege...
High
Unreviewed
CVE-2024-9637
was published
Oct 26, 2024
A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue...
Moderate
Unreviewed
CVE-2024-10121
was published
Oct 18, 2024
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for...
Critical
Unreviewed
CVE-2024-9263
was published
Oct 17, 2024
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary...
Critical
Unreviewed
CVE-2024-9862
was published
Oct 17, 2024
The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors...
High
Unreviewed
CVE-2024-9215
was published
Oct 17, 2024
Dell E-Lab Navigator, [3.1.9, 3.2.0], contains an Insecure Direct Object Reference Vulnerability...
Moderate
Unreviewed
CVE-2024-22455
was published
Oct 16, 2024
Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially...
Moderate
Unreviewed
CVE-2023-32189
was published
Oct 16, 2024
An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on...
High
Unreviewed
CVE-2024-8040
was published
Oct 16, 2024
The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference...
Moderate
Unreviewed
CVE-2023-7286
was published
Oct 16, 2024
Sensitive information manipulation due to improper authorization. The following products are...
Low
Unreviewed
CVE-2024-49388
was published
Oct 15, 2024
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions...
High
Unreviewed
CVE-2024-9687
was published
Oct 15, 2024
KubeSphere IDOR vulnerability
Moderate
CVE-2024-46528
was published
for
github.com/kubesphere/kubesphere
(Go)
Oct 14, 2024
An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated...
High
Unreviewed
CVE-2024-47495
was published
Oct 11, 2024
ProTip!
Advisories are also available from the
GraphQL API