Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,963
Erlang
39
GitHub Actions
38
Go
2,615
Maven
5,000+
npm
4,255
NuGet
760
pip
4,036
Pub
12
RubyGems
953
Rust
1,049
Swift
45
Unreviewed advisories
All unreviewed
5,000+

137 advisories

Loading
Duplicate Advisory: Authorization Bypass in OPC UA .NET Standard Stack High
GHSA-qv5f-57gw-vx3h was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Feb 10, 2025 withdrawn
TYPO3-EXT-SA-2025-001: Account Takeover in extension "OpenID Connect Authentication" (oidc) Moderate
CVE-2025-24856 was published for causal/oidc (Composer) Jan 28, 2025
Indico Insecure Access Moderate
CVE-2024-50633 was published for indico (pip) Jan 16, 2025
khoj has an IDOR in subscription management allows unauthorized subscription modifications Moderate
CVE-2024-52294 was published for khoj (pip) Dec 30, 2024
adventure8812 r0path
Credited to adventure8812 and r0path
TeamPass privileges issue Critical
CVE-2024-50703 was published for nilsteampassnet/teampass (Composer) Dec 30, 2024
Oqtane Framework Insecure Direct Object Reference vulnerability Moderate
CVE-2024-55471 was published for Oqtane.Framework (NuGet) Dec 20, 2024
Oqtane Framework Insecure Direct Object Reference vulnerability Low
CVE-2024-55186 was published for Oqtane.Client (NuGet) Dec 20, 2024
Spring Framework has Authorization Bypass for Case Sensitive Comparisons Moderate
CVE-2024-38827 was published for org.springframework.security:spring-security-core (Maven) Dec 2, 2024
bclozel
Credited to bclozel
Moodle IDOR when deleting OAuth2 linked accounts Moderate
CVE-2024-45690 was published for moodle/moodle (Composer) Nov 20, 2024
Moodle IDOR when accessing list of course badges Moderate
CVE-2024-48899 was published for moodle/moodle (Composer) Nov 20, 2024
Improper Authorization in dolibarr/dolibarr Moderate
CVE-2021-3991 was published for dolibarr/dolibarr (Composer) Nov 15, 2024
Moodle's IDOR in Feedback non-respondents report allows messaging arbitrary site users Moderate
CVE-2024-43438 was published for moodle/moodle (Composer) Nov 7, 2024
Moodle's IDOR in badges allows deletion of arbitrary badges Moderate
CVE-2024-43431 was published for moodle/moodle (Composer) Nov 7, 2024
Grafana org admin can delete pending invites in different org Low
CVE-2024-10452 was published for github.com/grafana/grafana (Go) Oct 29, 2024
KubeSphere IDOR vulnerability Moderate
CVE-2024-46528 was published for github.com/kubesphere/kubesphere (Go) Oct 14, 2024
Malayke
Credited to Malayke
open-webui Insecure Direct Object Reference (IDOR) vulnerability Moderate
CVE-2024-7041 was published for open-webui (pip) Oct 9, 2024
IDOR vulnerability in account profile page Moderate
CVE-2024-39319 was published for aimeos/ai-controller-frontend (Composer) Sep 26, 2024
ssshah2131
Credited to ssshah2131
Puma's header normalization allows for client to clobber proxy set headers Moderate
CVE-2024-45614 was published for puma (RubyGems) Sep 20, 2024
Next.js Cache Poisoning High
CVE-2024-46982 was published for next (npm) Sep 17, 2024
Sentry improperly authorizes muting of alert rules High
CVE-2024-45606 was published for sentry (pip) Sep 17, 2024
emanuelbeni
Credited to emanuelbeni
Sentry improperly authorizes deletion of user issue alert notifications High
CVE-2024-45605 was published for sentry (pip) Sep 17, 2024
javeedsk8341
Credited to javeedsk8341
powermail TYPO3 extension has Insecure Direct Object Reference Moderate
CVE-2024-47047 was published for in2code/powermail (Composer) Sep 17, 2024
"powermail" (powermail) Insecure Direct Object Reference (IDOR) Moderate
CVE-2024-45232 was published for in2code/powermail (Composer) Aug 29, 2024
Directus has an insecure object reference via PATH presets Moderate
CVE-2024-6534 was published for directus (npm) Aug 27, 2024
Duplicate Advisory: Improper access control in Directus Moderate
GHSA-q83v-hq3j-4pq3 was published for directus (npm) Aug 15, 2024 withdrawn
dchocoboo
Credited to dchocoboo
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database