GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
551 advisories
Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9...
High · Unreviewed · CVE-2021-24892 was published May 24, 2022
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy ...
Moderate · Unreviewed · CVE-2022-2198 was published Aug 23, 2022
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability....
Moderate · Unreviewed · CVE-2021-37213 was published May 24, 2022
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR)...
Moderate · Unreviewed · CVE-2021-37215 was published May 24, 2022
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for...
High · Unreviewed · CVE-2021-24562 was published May 24, 2022
The Directorist WordPress plugin before 7.4.2.2 suffers from an IDOR vulnerability which an...
Moderate · Unreviewed · CVE-2022-3930 was published Dec 12, 2022
Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object...
Moderate · Unreviewed · CVE-2022-42067 was published Oct 14, 2022
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on...
Moderate · Unreviewed · CVE-2022-40205 was published Nov 9, 2022
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various...
High · Unreviewed · CVE-2022-3805 was published Dec 22, 2022
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various AJAX...
Moderate · Unreviewed · CVE-2022-3794 was published Dec 22, 2022
WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted...
High · Unreviewed · CVE-2022-36539 was published Sep 8, 2022
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on...
Moderate · Unreviewed · CVE-2022-40206 was published Nov 9, 2022
Jenkins Google Compute Engine Plugin does not verify SSH host keys when connecting agents created by the plugin
Moderate · CVE-2019-16546 was published for org.jenkins-ci.plugins:google-compute-engine (Maven) May 24, 2022
The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as...
High · Unreviewed · CVE-2022-3846 was published Dec 5, 2022
The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing...
Moderate · Unreviewed · CVE-2022-4097 was published Dec 12, 2022
An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. It is possible to...
Moderate · Unreviewed · CVE-2019-9921 was published May 13, 2022
In Shopizer versions 2.0 to 2.17.0 a regular admin can permanently delete a superadmin (although...
Moderate · Unreviewed · CVE-2022-23061 was published May 3, 2022
LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an Insecure...
High · Unreviewed · CVE-2022-28986 was published May 11, 2022
An issue has been discovered in GitLab EE affecting all versions starting from 13.10 before 15.0...
Moderate · Unreviewed · CVE-2022-2499 was published Aug 6, 2022
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to...
High · Unreviewed · CVE-2022-2367 was published Aug 9, 2022
Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions...
Moderate · Unreviewed · CVE-2022-1352 was published May 12, 2022
Authorization Bypass Through User-Controlled Key in Bagisto
Moderate · CVE-2019-16403 was published for bagisto/bagisto (Composer) Nov 8, 2019
IDOR can reveal execution data and logs to unauthorized user in Rundeck
Moderate · CVE-2020-11009 was published for org.rundeck:rundeck (Maven) Apr 29, 2020
The SHAREit application before 4.0.42 for Android allows a remote attacker (on the same network...
Moderate · Unreviewed · CVE-2019-9938 was published May 13, 2022