Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+

551 advisories

Loading
The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to... Moderate Unreviewed
CVE-2024-5977 was published Jul 19, 2024
Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer... Critical Unreviewed
CVE-2024-5619 was published Jul 18, 2024
The OpenSearch reporting plugin improperly controls tenancy access to reporting resources Moderate
CVE-2024-39900 was published for org.opensearch.plugin:opensearch-reports-scheduler (Maven) Jul 18, 2024
NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request... High Unreviewed
CVE-2024-38447 was published Jul 17, 2024
Sylius has a security vulnerability via adjustments API endpoint High
CVE-2024-40633 was published for sylius/sylius (Composer) Jul 17, 2024
OpenSearch Observability does not properly restrict access to private tenant resources Moderate
CVE-2024-39901 was published for org.opensearch.plugin:opensearch-observability (Maven) Jul 10, 2024
Cache driver GetBlob() allows read access to any blob without access control check Moderate
CVE-2024-39897 was published for zotregistry.dev/zot (Go) Jul 9, 2024
bburky
An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and... Moderate Unreviewed
CVE-2024-21759 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38048 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to... High Unreviewed
CVE-2023-38047 was published Jul 9, 2024
A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged... High Unreviewed
CVE-2023-3286 was published Jul 9, 2024
A BOLA vulnerability in POST /customers allows a low privileged user to create a low privileged... Moderate Unreviewed
CVE-2023-3290 was published Jul 9, 2024
A BOLA vulnerability in POST /admins allows a low privileged user to create a high privileged... Critical Unreviewed
CVE-2023-3287 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38055 was published Jul 9, 2024
A BOLA vulnerability in POST /services allows a low privileged user to create a service for any... High Unreviewed
CVE-2023-3289 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38054 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} allows a low privileged... Critical Unreviewed
CVE-2023-38049 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} allows a low privileged user to... Critical Unreviewed
CVE-2023-38050 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} allows a low privileged user to fetch,... Critical Unreviewed
CVE-2023-38052 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} allows a low privileged user... Critical Unreviewed
CVE-2023-38051 was published Jul 9, 2024
A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} allows a low privileged user to... Critical Unreviewed
CVE-2023-38053 was published Jul 9, 2024
A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user ... High Unreviewed
CVE-2023-3288 was published Jul 9, 2024
A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment... High Unreviewed
CVE-2023-3285 was published Jul 9, 2024
Bypassing IP allow-lists in traefik via HTTP/3 early data requests in QUIC 0-RTT handshakes High
CVE-2024-39321 was published for github.com/traefik/traefik/v2 (Go) Jul 5, 2024
MWedl
IBM InfoSphere Information Server 11.7 could allow an authenticated user to read or modify... Moderate Unreviewed
CVE-2024-31898 was published Jun 30, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database