GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,936
Maven
5,000+
npm
3,671
NuGet
642
pip
3,288
Pub
10
RubyGems
873
Rust
828
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
473 advisories
Filter by severity
A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment...
High
Unreviewed
CVE-2023-3285
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38053
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch,...
Critical
Unreviewed
CVE-2023-38052
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38055
was published
Jul 9, 2024
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user ...
High
Unreviewed
CVE-2023-3288
was published
Jul 9, 2024
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged...
High
Unreviewed
CVE-2023-3286
was published
Jul 9, 2024
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged...
Moderate
Unreviewed
CVE-2023-3290
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38050
was published
Jul 9, 2024
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged...
Critical
Unreviewed
CVE-2023-3287
was published
Jul 9, 2024
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any...
High
Unreviewed
CVE-2023-3289
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged...
Critical
Unreviewed
CVE-2023-38049
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38054
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to...
High
Unreviewed
CVE-2023-38047
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to...
Critical
Unreviewed
CVE-2023-38048
was published
Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user...
Critical
Unreviewed
CVE-2023-38051
was published
Jul 9, 2024
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify...
Moderate
Unreviewed
CVE-2024-31898
was published
Jun 30, 2024
The Page and Post Clone plugin for WordPress is vulnerable to Insecure Direct Object Reference in...
Moderate
Unreviewed
CVE-2024-5942
was published
Jun 29, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS...
High
Unreviewed
CVE-2024-1107
was published
Jun 27, 2024
The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all...
Moderate
Unreviewed
CVE-2024-4874
was published
Jun 22, 2024
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference...
Moderate
Unreviewed
CVE-2024-5639
was published
Jun 21, 2024
Kiuwan provides an API endpoint
/saas/rest/v1/info/application
to get information about any ...
Moderate
Unreviewed
CVE-2023-49112
was published
Jun 20, 2024
Authorization Bypass Through User-Controlled Key vulnerability in KiviCare.This issue affects...
Moderate
Unreviewed
CVE-2024-35659
was published
Jun 8, 2024
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-5438
was published
Jun 7, 2024
An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary,...
Critical
Unreviewed
CVE-2024-5128
was published
Jun 6, 2024
An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including...
High
Unreviewed
CVE-2024-5130
was published
Jun 6, 2024
ProTip!
Advisories are also available from the
GraphQL API