GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,936
Maven
5,000+
npm
3,671
NuGet
642
pip
3,288
Pub
10
RubyGems
873
Rust
828
Swift
35
Unreviewed advisories
All unreviewed
5,000+
318 advisories
Filter by severity
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.1.
Moderate
Unreviewed
CVE-2022-2824
was published
Aug 16, 2022
An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0...
Moderate
Unreviewed
CVE-2022-2499
was published
Aug 6, 2022
Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the...
Moderate
Unreviewed
CVE-2022-34769
was published
Aug 6, 2022
Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0...
Moderate
Unreviewed
CVE-2022-36284
was published
Aug 6, 2022
The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP...
Moderate
Unreviewed
CVE-2022-1600
was published
Aug 2, 2022
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object...
Moderate
Unreviewed
CVE-2022-33944
was published
Jul 21, 2022
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object...
Moderate
Unreviewed
CVE-2022-34150
was published
Jul 21, 2022
In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists...
Moderate
Unreviewed
CVE-2022-1881
was published
Jul 16, 2022
Known v1.3.1 contains Insecure Direct Object Reference
Moderate
CVE-2022-30852
was published
for
idno/known
(Composer)
Jul 9, 2022
this vulnerability affect user that even not allowed to access via the web interface. First of...
Moderate
Unreviewed
CVE-2022-23173
was published
Jul 7, 2022
Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low...
Moderate
Unreviewed
CVE-2022-31883
was published
Jun 29, 2022
A vulnerability, which was classified as problematic, was found in ProjectSend r754. This affects...
Moderate
Unreviewed
CVE-2017-20101
was published
Jun 28, 2022
An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016...
Moderate
Unreviewed
CVE-2022-30760
was published
Jun 10, 2022
Authorization Bypass Through User-Controlled Key when using CILogonOAuthenticator oauthenticator
Moderate
CVE-2022-31027
was published
for
oauthenticator
(pip)
Jun 6, 2022
An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to...
Moderate
Unreviewed
CVE-2022-29627
was published
Jun 3, 2022
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR)...
Moderate
Unreviewed
CVE-2021-37215
was published
May 24, 2022
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability....
Moderate
Unreviewed
CVE-2021-37213
was published
May 24, 2022
In Zoho ManageEngine ServiceDesk Plus through 10.5, users with the lowest privileges (guest) can...
Moderate
Unreviewed
CVE-2019-12252
was published
May 24, 2022
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to...
Moderate
Unreviewed
CVE-2021-3380
was published
May 24, 2022
The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the...
Moderate
Unreviewed
CVE-2021-24840
was published
May 24, 2022
In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed...
Moderate
Unreviewed
CVE-2021-36387
was published
May 24, 2022
In all versions of GitLab EE since version 14.1, due to an insecure direct object reference...
Moderate
Unreviewed
CVE-2021-39889
was published
May 24, 2022
Windows Key Storage Provider Security Feature Bypass Vulnerability
Moderate
Unreviewed
CVE-2021-38624
was published
May 24, 2022
IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain...
Moderate
Unreviewed
CVE-2021-29773
was published
May 24, 2022
An insecure, direct object vulnerability in hunting/fishing license retrieval function of the ...
Moderate
Unreviewed
CVE-2021-33981
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API