GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,018
Composer 4,300
Erlang 31
GitHub Actions 21
Go 2,069
Maven 5,241
npm 3,744
NuGet 668
pip 3,429
Pub 12
RubyGems 892
Rust 880
Swift 36

Unreviewed advisories

All unreviewed 240,397

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

666 advisories

Filter by severity

Sort by

Least recently updated

A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue... Moderate Unreviewed

CVE-2024-10121 was published Oct 18, 2024

The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for... Critical Unreviewed

CVE-2024-9263 was published Oct 17, 2024

The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors... High Unreviewed

CVE-2024-9215 was published Oct 17, 2024

The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary... Critical Unreviewed

CVE-2024-9862 was published Oct 17, 2024

This vulnerability exists in the Shilpi Net Back Office due to improper access controls on... High Unreviewed

CVE-2024-47657 was published Oct 4, 2024

Dell E-Lab Navigator, [3.1.9, 3.2.0], contains an Insecure Direct Object Reference Vulnerability... Moderate Unreviewed

CVE-2024-22455 was published Oct 16, 2024

An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on... High Unreviewed

CVE-2024-8040 was published Oct 16, 2024

The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference... Moderate Unreviewed

CVE-2023-7286 was published Oct 16, 2024

Sensitive information manipulation due to improper authorization. The following products are... Low Unreviewed

CVE-2024-49388 was published Oct 15, 2024

The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions... High Unreviewed

CVE-2024-9687 was published Oct 15, 2024

NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal... Moderate Unreviewed

CVE-2023-41356 was published Nov 3, 2023

An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated... High Unreviewed

CVE-2024-47495 was published Oct 11, 2024

Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to... Moderate Unreviewed

CVE-2023-49339 was published Feb 13, 2024

Improper authorization in the report management and creation module of BMC Control-M branches 9.0... Moderate Unreviewed

CVE-2024-1604 was published Mar 18, 2024

An issue was discovered in phpList 3.6.12. Due to an access error, it was possible to manipulate... Moderate Unreviewed

CVE-2023-27576 was published Aug 18, 2023

A vulnerability classified as problematic was found in Sovell Smart Canteen System up to 3.0.7303... Moderate Unreviewed

CVE-2024-9554 was published Oct 6, 2024

Authorization Bypass Through User-Controlled Key vulnerability in Salon Booking System Salon... Moderate Unreviewed

CVE-2024-47316 was published Oct 5, 2024

The MapPress Maps for WordPress plugin before 2.88.16 does not ensure that posts to be retrieve... Moderate Unreviewed

CVE-2024-0421 was published Feb 12, 2024

An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including... High Unreviewed

CVE-2024-5130 was published Jun 6, 2024

An Improper Access Control vulnerability exists in the lunary-ai/lunary repository, affecting... High Unreviewed

CVE-2024-5131 was published Jun 6, 2024

A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series... Moderate Unreviewed

CVE-2024-20513 was published Oct 2, 2024

A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. It has been... Moderate Unreviewed

CVE-2024-9298 was published Sep 28, 2024

Duplicate Advisory: Improper JWT Signature Validation in SAP Security Services Library Critical

GHSA-gcgw-q47m-prvj was published for com.sap.cloud.security.xsuaa:spring-xsuaa (Maven) Dec 12, 2023 • withdrawn

Duplicate Advisory: Privilege escalation in sap/cloud-security-client-go Critical

GHSA-92cg-ghq6-9587 was published for github.com/sap/cloud-security-client-go (Go) Dec 12, 2023 • withdrawn

Duplicate Advisory: Privilege escalation in sap-xssec Critical

GHSA-p99h-pfg6-qrfg was published for sap-xssec (pip) Dec 12, 2023 • withdrawn

Previous 1 2 3 4 5 6 7 … 26 27 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

666 advisories