GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
683 advisories
Authorization Bypass in parse-path
High | CVE-2022-0624 was published for parse-path (npm) | Jun 29, 2022

this vulnerability affect user that even not allowed to access via the web interface. First of...
Moderate | Unreviewed | CVE-2022-23173 was published | Jul 7, 2022

Known v1.3.1 contains Insecure Direct Object Reference
Moderate | CVE-2022-30852 was published for idno/known (Composer) | Jul 9, 2022

In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists...
Moderate | Unreviewed | CVE-2022-1881 was published | Jul 16, 2022

The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the...
High | Unreviewed | CVE-2021-24655 was published | Jul 18, 2022

Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote...
High | Unreviewed | CVE-2022-2193 was published | Jul 20, 2022

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object...
Moderate | Unreviewed | CVE-2022-34150 was published | Jul 21, 2022

The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object...
Moderate | Unreviewed | CVE-2022-33944 was published | Jul 21, 2022

The YOP Poll WordPress plugin before 6.4.3 prioritizes getting a visitor's IP from certain HTTP...
Moderate | Unreviewed | CVE-2022-1600 was published | Aug 2, 2022

Authenticated IDOR vulnerability in StoreApps Affiliate For WooCommerce premium plugin <= 4.7.0...
Moderate | Unreviewed | CVE-2022-36284 was published | Aug 6, 2022

Michlol - rashim web interface Insecure direct object references (IDOR). First of all, the...
Moderate | Unreviewed | CVE-2022-34769 was published | Aug 6, 2022

An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0...
Moderate | Unreviewed | CVE-2022-2499 was published | Aug 6, 2022

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to...
High | Unreviewed | CVE-2022-2367 was published | Aug 9, 2022

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7...
Unknown | Unreviewed | CVE-2022-2730 was published | Aug 10, 2022

Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.1.
Moderate | Unreviewed | CVE-2022-2824 was published | Aug 16, 2022

The SearchWP Live Ajax Search WordPress plugin before 1.6.2 does not ensure that users making a...
Moderate | Unreviewed | CVE-2022-2535 was published | Aug 16, 2022

Mealie 1.0.0beta3 was discovered to contain an Insecure Direct Object Reference (IDOR)...
Moderate | Unreviewed | CVE-2022-34621 was published | Aug 20, 2022

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy ...
Moderate | Unreviewed | CVE-2022-2198 was published | Aug 23, 2022

The Sensei LMS WordPress plugin before 4.5.0 does not have proper permissions set in one of its...
Moderate | Unreviewed | CVE-2022-2034 was published | Aug 29, 2022

The Sensei LMS WordPress plugin before 4.5.2 does not ensure that the sender of a private message...
Moderate | Unreviewed | CVE-2022-2080 was published | Aug 29, 2022

The forgot password token basically just makes us capable of taking over the account of whoever...
High | Unreviewed | CVE-2022-3019 was published | Aug 29, 2022

Squiz Matrix CMS 6.20 is vulnerable to an Insecure Direct Object Reference caused by failure to...
Moderate | Unreviewed | CVE-2022-32277 was published | Sep 7, 2022

WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted...
High | Unreviewed | CVE-2022-36539 was published | Sep 8, 2022

An issue was discovered in Airties Smart Wi-Fi before 2020-08-04. It allows attackers to change...
Critical | Unreviewed | CVE-2022-38789 was published | Sep 16, 2022

The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address...
Moderate | Unreviewed | CVE-2022-2913 was published | Sep 17, 2022