GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,131
Erlang
29
GitHub Actions
19
Go
1,936
Maven
5,000+
npm
3,671
NuGet
642
pip
3,288
Pub
10
RubyGems
873
Rust
828
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
263 advisories
Filter by severity
NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal...
Moderate
Unreviewed
CVE-2023-41356
was published
Nov 3, 2023
Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to...
Moderate
Unreviewed
CVE-2023-49339
was published
Feb 13, 2024
Improper authorization in the report management and creation module of BMC Control-M branches 9.0...
Moderate
Unreviewed
CVE-2024-1604
was published
Mar 18, 2024
An issue was discovered in phpList 3.6.12. Due to an access error, it was possible to manipulate...
Moderate
Unreviewed
CVE-2023-27576
was published
Aug 18, 2023
A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303...
Moderate
Unreviewed
CVE-2024-9554
was published
Oct 6, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon...
Moderate
Unreviewed
CVE-2024-47316
was published
Oct 5, 2024
The MapPress Maps for WordPress plugin before 2.88.16 does not ensure that posts to be retrieve...
Moderate
Unreviewed
CVE-2024-0421
was published
Feb 12, 2024
A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series...
Moderate
Unreviewed
CVE-2024-20513
was published
Oct 2, 2024
A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been...
Moderate
Unreviewed
CVE-2024-9298
was published
Sep 28, 2024
The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all...
Moderate
Unreviewed
CVE-2022-3459
was published
Sep 16, 2024
An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object...
Moderate
Unreviewed
CVE-2024-25270
was published
Sep 12, 2024
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4....
Moderate
Unreviewed
CVE-2024-7437
was published
Aug 3, 2024
A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic....
Moderate
Unreviewed
CVE-2024-7438
was published
Aug 3, 2024
On versions before 2.1.4, after a regular user successfully logs in, they can manually make a...
Moderate
Unreviewed
CVE-2024-34457
was published
Jul 22, 2024
An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer...
Moderate
Unreviewed
CVE-2023-44254
was published
Sep 10, 2024
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure...
Moderate
Unreviewed
CVE-2024-8123
was published
Sep 4, 2024
An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view...
Moderate
Unreviewed
CVE-2024-40395
was published
Aug 27, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project...
Moderate
Unreviewed
CVE-2024-43916
was published
Aug 26, 2024
The User Private Files – WordPress File Sharing Plugin plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-7848
was published
Aug 22, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Propovoice Propovoice CRM.This...
Moderate
Unreviewed
CVE-2024-43350
was published
Aug 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Dylan James Zephyr Project...
Moderate
Unreviewed
CVE-2024-43322
was published
Aug 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in WP Job Portal.This issue...
Moderate
Unreviewed
CVE-2024-43266
was published
Aug 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team wpForo Forum.This...
Moderate
Unreviewed
CVE-2024-43288
was published
Aug 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Masteriyo Masteriyo - LMS.This...
Moderate
Unreviewed
CVE-2024-43239
was published
Aug 19, 2024
An issue in ZKTeko BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive...
Moderate
Unreviewed
CVE-2023-51141
was published
Apr 11, 2024
ProTip!
Advisories are also available from the
GraphQL API