GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,936
Maven
5,000+
npm
3,671
NuGet
642
pip
3,288
Pub
10
RubyGems
873
Rust
828
Swift
35
Unreviewed advisories
All unreviewed
5,000+
90 advisories
Filter by severity
Authorization Bypass in moodle
Low
CVE-2024-25983
was published
for
moodle/moodle
(Composer)
Feb 19, 2024
@clerk/nextjs auth() and getAuth() methods vulnerable to insecure direct object reference (IDOR)
Critical
CVE-2024-22206
was published
for
@clerk/nextjs
(npm)
Jan 12, 2024
Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go
Critical
GHSA-92cg-ghq6-9587
was published
for
github.com/sap/cloud-security-client-go
(Go)
Dec 12, 2023
•
withdrawn
Escalation of privileges in @sap/xssec
Critical
CVE-2023-49583
was published
for
@sap/xssec
(npm)
Dec 12, 2023
Duplicate Advisory: Privilege escalation in sap-xssec
Critical
GHSA-p99h-pfg6-qrfg
was published
for
sap-xssec
(pip)
Dec 12, 2023
•
withdrawn
Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library
Critical
GHSA-gcgw-q47m-prvj
was published
for
com.sap.cloud.security.xsuaa:spring-xsuaa
(Maven)
Dec 12, 2023
•
withdrawn
Moodle Cross-site Scripting vulnerability
Moderate
CVE-2023-5544
was published
for
moodle/moodle
(Composer)
Nov 9, 2023
Authorization Bypass in Apache InLong
Critical
CVE-2023-43668
was published
for
org.apache.inlong:manager-pojo
(Maven)
Oct 16, 2023
Authorization Bypass Through User-Controlled Key vulnerability in Apache ZooKeeper
Critical
CVE-2023-44981
was published
for
org.apache.zookeeper:zookeeper
(Maven)
Oct 11, 2023
Economizzer Insecure Direct Object Reference vulnerability
Low
CVE-2023-38872
was published
for
gugoan/economizzer
(Composer)
Sep 28, 2023
Keylime registrar and (untrusted) Agent can be bypassed by an attacker
High
CVE-2023-38201
was published
for
keylime
(pip)
Sep 6, 2023
Netmaker IDOR Allows User to Update Other User's Password
High
CVE-2023-32078
was published
for
github.com/gravitl/netmaker
(Go)
Aug 25, 2023
Easy!Appointments Improper Access Control vulnerability
Moderate
CVE-2023-3700
was published
for
alextselegidis/easyappointments
(Composer)
Jul 17, 2023
DataEase API interface has IDOR vulnerability
High
CVE-2023-32310
was published
for
io.dataease:dataease-plugin-common
(Maven)
Jun 2, 2023
Go package pydio/cells vulnerable to authorization bypass
Moderate
CVE-2023-2978
was published
for
github.com/pydio/cells
(Go)
May 30, 2023
Moodle may allow authenticated users to enumerate other user's names via learning plans page
Moderate
CVE-2023-28334
was published
for
moodle/moodle
(Composer)
Mar 23, 2023
Authorization Bypass Through User-Controlled Key play-with-docker
Moderate
CVE-2023-28109
was published
for
github.com/play-with-docker/play-with-docker
(Go)
Mar 17, 2023
Improper Authorization in nilsteampassnet/teampass
Moderate
CVE-2023-1463
was published
for
nilsteampassnet/teampass
(Composer)
Mar 17, 2023
Moodle has Incorrect Default Permissions
Moderate
CVE-2021-36400
was published
for
moodle/moodle
(Composer)
Mar 7, 2023
usememos/memos vulnerable to Comparison of Object References Instead of Object Contents
Moderate
CVE-2022-4812
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Authorization vulnerability
Moderate
CVE-2022-4811
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Access Control vulnerability
Moderate
CVE-2022-4806
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Authorization vulnerability
Moderate
CVE-2022-4798
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
usememos/memos Improper Access Control vulnerability
High
CVE-2022-4803
was published
for
github.com/usememos/memos
(Go)
Dec 28, 2022
ProTip!
Advisories are also available from the
GraphQL API