Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,081
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,642
NuGet
638
pip
3,258
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

550 advisories

Loading
IDOR vulnerability in account profile page Moderate
CVE-2024-39319 was published for aimeos/ai-controller-frontend (Composer) Sep 26, 2024
ssshah2131
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible... High Unreviewed
CVE-2024-8290 was published Sep 25, 2024
The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via... Critical Unreviewed
CVE-2024-8485 was published Sep 25, 2024
The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin... Critical Unreviewed
CVE-2024-8791 was published Sep 24, 2024
Puma's header normalization allows for client to clobber proxy set headers Moderate
CVE-2024-45614 was published for puma (RubyGems) Sep 20, 2024
Next.js Cache Poisoning High
CVE-2024-46982 was published for next (npm) Sep 17, 2024
Sentry improperly authorizes muting of alert rules High
CVE-2024-45606 was published for sentry (pip) Sep 17, 2024
emanuelbeni
Sentry improperly authorizes deletion of user issue alert notifications Moderate
CVE-2024-45605 was published for sentry (pip) Sep 17, 2024
javeedsk8341
powermail TYPO3 extension has Insecure Direct Object Reference Moderate
CVE-2024-47047 was published for in2code/powermail (Composer) Sep 17, 2024
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.7 prior to 17.1.7... Low Unreviewed
CVE-2024-6685 was published Sep 17, 2024
An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties... Critical Unreviewed
CVE-2024-46937 was published Sep 16, 2024
The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all... Moderate Unreviewed
CVE-2022-3459 was published Sep 16, 2024
An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object... Moderate Unreviewed
CVE-2024-25270 was published Sep 12, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub... High Unreviewed
CVE-2024-3306 was published Sep 12, 2024
An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the... Critical Unreviewed
CVE-2024-27113 was published Sep 11, 2024
This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its... High Unreviewed
CVE-2024-45786 was published Sep 11, 2024
An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer... Moderate Unreviewed
CVE-2023-44254 was published Sep 10, 2024
A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5),... Critical Unreviewed
CVE-2024-45032 was published Sep 10, 2024
This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to... High Unreviewed
CVE-2024-8601 was published Sep 9, 2024
The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege... High Unreviewed
CVE-2024-8428 was published Sep 6, 2024
The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-8292 was published Sep 6, 2024
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Insecure... Moderate Unreviewed
CVE-2024-8123 was published Sep 4, 2024
"powermail" (powermail) Insecure Direct Object Reference (IDOR) Moderate
CVE-2024-45232 was published for in2code/powermail (Composer) Aug 29, 2024
Directus has an insecure object reference via PATH presets Moderate
GHSA-3fff-gqw3-vj86 was published for directus (npm) Aug 27, 2024
An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view... Moderate Unreviewed
CVE-2024-40395 was published Aug 27, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database