GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,936
Maven
5,000+
npm
3,671
NuGet
642
pip
3,288
Pub
10
RubyGems
873
Rust
828
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
473 advisories
Filter by severity
An Insecure Direct Object Reference (IDOR) vulnerability was identified in lunary-ai/lunary,...
Critical
Unreviewed
CVE-2024-5128
was published
Jun 6, 2024
The contains an IDOR vulnerability that allows a user to comment on a private post by...
Moderate
Unreviewed
CVE-2024-4886
was published
Jun 5, 2024
An authorization vulnerability exists within GitLab from versions 16.10 before 16.10.6, 16.11...
Moderate
Unreviewed
CVE-2024-5258
was published
May 23, 2024
An Insecure Direct Object Reference in Google Cloud's Looker allowed metadata exposure across...
Moderate
Unreviewed
CVE-2024-5166
was published
May 22, 2024
ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct...
Moderate
Unreviewed
CVE-2024-4843
was published
May 16, 2024
An authorization bypass through user-controlled key vulnerability [CWE-639] in...
High
Unreviewed
CVE-2023-40720
was published
May 14, 2024
Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR)...
Unknown
Unreviewed
CVE-2024-33818
was published
May 14, 2024
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could...
High
Unreviewed
CVE-2024-4537
was published
May 7, 2024
IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could...
High
Unreviewed
CVE-2024-4538
was published
May 7, 2024
Authorization Bypass Through User-Controlled Key vulnerability in The SEO Guys at SEOPress...
Moderate
Unreviewed
CVE-2024-34383
was published
May 6, 2024
SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to...
High
Unreviewed
CVE-2024-24312
was published
May 1, 2024
Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to...
High
Unreviewed
CVE-2024-33383
was published
Apr 30, 2024
Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows...
High
Unreviewed
CVE-2024-28320
was published
Apr 29, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider...
Moderate
Unreviewed
CVE-2024-33542
was published
Apr 29, 2024
An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially...
Critical
Unreviewed
CVE-2024-33668
was published
Apr 26, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This...
Moderate
Unreviewed
CVE-2024-32808
was published
Apr 24, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Metagauss ProfileGrid.This...
Moderate
Unreviewed
CVE-2024-32772
was published
Apr 24, 2024
Authorization Bypass Through User-Controlled Key vulnerability in FeedbackWP Rate my Post – WP...
Moderate
Unreviewed
CVE-2024-32823
was published
Apr 24, 2024
Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control...
High
Unreviewed
CVE-2024-32166
was published
Apr 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Wpmet Wp Ultimate Review.This...
Moderate
Unreviewed
CVE-2024-32683
was published
Apr 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Plechev Andrey WP-Recall.This...
Moderate
Unreviewed
CVE-2024-32604
was published
Apr 18, 2024
A potential security vulnerability has been identified in HPE FlexFabric and FlexNetwork series...
Moderate
Unreviewed
CVE-2024-22439
was published
Apr 15, 2024
An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2023-51141
was published
Apr 11, 2024
A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7....
High
Unreviewed
CVE-2023-6317
was published
Apr 9, 2024
Insecure Direct Object Reference (IDOR) in GNU Savane v.3.12 and before allows a remote attacker...
Unknown
Unreviewed
CVE-2024-27630
was published
Apr 8, 2024
ProTip!
Advisories are also available from the
GraphQL API