Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,069
Maven
5,000+
npm
3,744
NuGet
668
pip
3,429
Pub
12
RubyGems
892
Rust
880
Swift
36
Unreviewed advisories
All unreviewed
5,000+

384 advisories

Loading
** VERSION NOT SUPPORTED WHEN ASSIGNED ** Citrix XenApp 6.5, when 2FA is enabled, allows a remote... Moderate Unreviewed
CVE-2020-13998 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles... Moderate Unreviewed
CVE-2020-14174 was published May 24, 2022
An Insecure Direct Object Reference vulnerability in Citadel WebCit through 926 allows... Moderate Unreviewed
CVE-2020-27742 was published May 24, 2022
A vulnerability in the xAPI service of Cisco Telepresence CE Software and Cisco RoomOS Software... Moderate Unreviewed
CVE-2020-26068 was published May 24, 2022
An issue was discovered in Gitlab CE/EE versions >= 13.1 to <13.4.7, >= 13.5 to <13.5.5, and >=... Moderate Unreviewed
CVE-2020-13357 was published May 24, 2022
In tangro Business Workflow before 1.18.1, knowing an attachment ID, it is possible to download... Moderate Unreviewed
CVE-2020-26178 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view the... Moderate Unreviewed
CVE-2020-36231 was published May 24, 2022
Magento Insecure Direct Object Reference (IDOR) in the product module Moderate
CVE-2021-21022 was published for magento/community-edition (Composer) May 24, 2022
Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability... Moderate Unreviewed
CVE-2020-8297 was published May 24, 2022
The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete... Moderate Unreviewed
CVE-2021-24318 was published May 24, 2022
Two authorization bypass through user-controlled key vulnerabilities in the Fortinet... Moderate Unreviewed
CVE-2020-6641 was published May 24, 2022
Windows TCP/IP Driver Security Feature Bypass Vulnerability Moderate Unreviewed
CVE-2021-31970 was published May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience... Moderate Unreviewed
CVE-2021-31927 was published May 24, 2022
JetPack Exposure of Resource to Wrong Sphere Moderate
CVE-2021-24374 was published for automattic/jetpack (Composer) May 24, 2022
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object... Moderate Unreviewed
CVE-2021-35337 was published May 24, 2022
The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing... Moderate Unreviewed
CVE-2021-24473 was published May 24, 2022
The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.... Moderate Unreviewed
CVE-2021-37212 was published May 24, 2022
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via... Moderate Unreviewed
CVE-2021-40352 was published May 24, 2022
An insecure, direct object vulnerability in hunting/fishing license retrieval function of the ... Moderate Unreviewed
CVE-2021-33981 was published May 24, 2022
IBM Security Guardium 10.6 and 11.3 could allow a remote authenticated attacker to obtain... Moderate Unreviewed
CVE-2021-29773 was published May 24, 2022
Windows Key Storage Provider Security Feature Bypass Vulnerability Moderate Unreviewed
CVE-2021-38624 was published May 24, 2022
In all versions of GitLab EE since version 14.1, due to an insecure direct object reference... Moderate Unreviewed
CVE-2021-39889 was published May 24, 2022
In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed... Moderate Unreviewed
CVE-2021-36387 was published May 24, 2022
The Squaretype WordPress theme before 3.0.4 allows unauthenticated users to manipulate the... Moderate Unreviewed
CVE-2021-24840 was published May 24, 2022
Insecure direct object reference (IDOR) vulnerability in ICREM H8 SSRMS allows attackers to... Moderate Unreviewed
CVE-2021-3380 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database