GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,090
Erlang: 29
GitHub Actions: 19
Go: 1,916
Maven: 5,000+
npm: 3,646
NuGet: 638
pip: 3,263
Pub: 10
RubyGems: 870
Rust: 822
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
152 advisories
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible...
High | Unreviewed | CVE-2024-8290 was published Sep 25, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub...
High | Unreviewed | CVE-2024-3306 was published Sep 12, 2024

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its...
High | Unreviewed | CVE-2024-45786 was published Sep 11, 2024

This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to...
High | Unreviewed | CVE-2024-8601 was published Sep 9, 2024

The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege...
High | Unreviewed | CVE-2024-8428 was published Sep 6, 2024

A bug in the 9p authentication implementation within lib9p allows an attacker with an existing...
High | Unreviewed | CVE-2024-8158 was published Aug 26, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe...
High | Unreviewed | CVE-2024-43315 was published Aug 19, 2024

Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product...
High | Unreviewed | CVE-2024-42463 was published Aug 16, 2024

Authorization Bypass Through User-Controlled Key vulnerability in upKeeper Solutions product...
High | Unreviewed | CVE-2024-42464 was published Aug 16, 2024

NATO NCI ANET 3.4.1 allows Insecure Direct Object Reference via a modified ID field in a request...
High | Unreviewed | CVE-2024-38447 was published Jul 17, 2024

A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment...
High | Unreviewed | CVE-2023-3285 was published Jul 9, 2024

A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to...
High | Unreviewed | CVE-2023-38047 was published Jul 9, 2024

A BOLA vulnerability in POST /secretaries allows a low privileged user to create a low privileged...
High | Unreviewed | CVE-2023-3286 was published Jul 9, 2024

A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user ...
High | Unreviewed | CVE-2023-3288 was published Jul 9, 2024

A BOLA vulnerability in POST /services allows a low privileged user to create a service for any...
High | Unreviewed | CVE-2023-3289 was published Jul 9, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS...
High | Unreviewed | CVE-2024-1107 was published Jun 27, 2024

An authorization bypass through user-controlled key vulnerability [CWE-639] in...
High | Unreviewed | CVE-2023-40720 was published May 14, 2024

IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could...
High | Unreviewed | CVE-2024-4537 was published May 7, 2024

IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could...
High | Unreviewed | CVE-2024-4538 was published May 7, 2024

SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to...
High | Unreviewed | CVE-2024-24312 was published May 1, 2024

Arbitrary File Read vulnerability in novel-plus 4.3.0 and before allows a remote attacker to...
High | Unreviewed | CVE-2024-33383 was published Apr 30, 2024

Insecure Direct Object References (IDOR) vulnerability in Hospital Management System 1.0 allows...
High | Unreviewed | CVE-2024-28320 was published Apr 29, 2024

Webid v1.2.1 suffers from an Insecure Direct Object Reference (IDOR) - Broken Access Control...
High | Unreviewed | CVE-2024-32166 was published Apr 19, 2024

A prompt bypass exists in the secondscreen.gateway service running on webOS version 4 through 7....
High | Unreviewed | CVE-2023-6317 was published Apr 9, 2024

Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows...
High | Unreviewed | CVE-2023-6523 was published Apr 5, 2024

ProTip! Advisories are also available from the GraphQL API.