Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,359
Erlang
33
GitHub Actions
22
Go
2,124
Maven
5,000+
npm
3,787
NuGet
683
pip
3,467
Pub
12
RubyGems
894
Rust
892
Swift
38
Unreviewed advisories
All unreviewed
5,000+

206 advisories

Loading
Distribution's token authentication allows to inject an untrusted signing key in a JWT High
CVE-2025-24976 was published for github.com/distribution/distribution/v3 (Go) Feb 11, 2025
evanebb
Authorization Bypass in OPC UA .NET Standard Stack High
CVE-2024-42512 was published for OPCFoundation.NetStandard.Opc.Ua (NuGet) Feb 10, 2025
In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the... High Unreviewed
CVE-2024-39033 was published Feb 6, 2025
The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features)... High Unreviewed
CVE-2024-13694 was published Jan 30, 2025
CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow... High Unreviewed
CVE-2024-10497 was published Jan 17, 2025
HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access... High Unreviewed
CVE-2024-42169 was published Jan 11, 2025
The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key... High Unreviewed
CVE-2024-13040 was published Dec 31, 2024
An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates)... High Unreviewed
CVE-2024-55506 was published Dec 19, 2024
Authorization bypass through user-controlled key vulnerability in streaming service in Synology... High Unreviewed
CVE-2024-4464 was published Dec 18, 2024
Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key... High Unreviewed
CVE-2024-42422 was published Dec 3, 2024
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized... High Unreviewed
CVE-2024-10855 was published Nov 20, 2024
An IDOR (Insecure Direct Object Reference) vulnerability has been discovered in AbsysNet,... High Unreviewed
CVE-2024-11318 was published Nov 18, 2024
The WP Project Manager – Task, team, and project management plugin featuring kanban board and... High Unreviewed
CVE-2024-10174 was published Nov 13, 2024
SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized... High Unreviewed
CVE-2021-27700 was published Nov 13, 2024
This vulnerability exists in the Wave 2.0 due to missing authorization check on certain API... High Unreviewed
CVE-2024-51559 was published Nov 4, 2024
An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to... High Unreviewed
CVE-2024-48217 was published Nov 1, 2024
Authorization Bypass Through User-Controlled Key vulnerability in Paid Memberships Pro allows... High Unreviewed
CVE-2024-37277 was published Nov 1, 2024
An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul... High Unreviewed
CVE-2024-51066 was published Oct 31, 2024
An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in... High Unreviewed
CVE-2024-7473 was published Oct 29, 2024
The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege... High Unreviewed
CVE-2024-9637 was published Oct 26, 2024
The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors... High Unreviewed
CVE-2024-9215 was published Oct 17, 2024
An authorization bypass through user-controlled key vulnerability affecting 3DSwym in 3DSwymer on... High Unreviewed
CVE-2024-8040 was published Oct 16, 2024
The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions... High Unreviewed
CVE-2024-9687 was published Oct 15, 2024
An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated... High Unreviewed
CVE-2024-47495 was published Oct 11, 2024
This vulnerability exists in the Shilpi Net Back Office due to improper access controls on... High Unreviewed
CVE-2024-47657 was published Oct 4, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database