Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,831
Erlang
36
GitHub Actions
33
Go
2,451
Maven
5,000+
npm
4,073
NuGet
723
pip
3,868
Pub
12
RubyGems
943
Rust
1,010
Swift
39
Unreviewed advisories
All unreviewed
5,000+

249 advisories

Loading
Magento 2 Community Edition IDOR Vulnerability High
CVE-2019-7890 was published for magento/community-edition (Composer) May 24, 2022
Magento 2 Community Edition Access Control Bypass High
CVE-2019-7950 was published for magento/community-edition (Composer) May 24, 2022
The Recruitment module in Humanica Humatrix 7 1.0.0.681 and 1.0.0.203 allows remote attackers to... High Unreviewed
CVE-2019-14932 was published May 24, 2022
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.851, an insecure object reference allows... High Unreviewed
CVE-2019-14724 was published May 24, 2022
An issue was discovered in the Voyager package through 1.2.7 for Laravel. An attacker with admin... High Unreviewed
CVE-2019-17050 was published May 24, 2022
acf-to-rest-api plugin insecure direct object reference (IDOR) via permalink manipulation High
CVE-2020-13700 was published for airesvsg/acf-to-rest-api (Composer) May 24, 2022
MarkLee131
An issue was discovered on various devices via the Linkplay firmware. There is WAN remote code... High Unreviewed
CVE-2019-15310 was published May 24, 2022
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when... High Unreviewed
CVE-2021-21012 was published May 24, 2022
Adobe Bridge version 11.0 (and earlier) is affected by an out-of-bounds write vulnerability when... High Unreviewed
CVE-2021-21013 was published May 24, 2022
Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user... High Unreviewed
CVE-2021-36801 was published May 24, 2022
The employee management page of Flygo contains Insecure Direct Object Reference (IDOR)... High Unreviewed
CVE-2021-37214 was published May 24, 2022
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference... High Unreviewed
CVE-2021-22023 was published May 24, 2022
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are... High Unreviewed
CVE-2021-36032 was published May 24, 2022
A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter... High Unreviewed
CVE-2021-40355 was published May 24, 2022
Authenticated Insecure Direct Object References (IDOR) vulnerability in WordPress uListing plugin... High Unreviewed
CVE-2021-36874 was published May 24, 2022
ECOA BAS controller is vulnerable to insecure direct object references that occur when the... High Unreviewed
CVE-2021-41298 was published May 24, 2022
Gila CMS 2.2.0 is vulnerable to Insecure Direct Object Reference (IDOR). Thumbnails uploaded by... High Unreviewed
CVE-2021-37777 was published May 24, 2022
In Yellowfin before 9.6.1 it is possible to enumerate and download uploaded images through an... High Unreviewed
CVE-2021-36389 was published May 24, 2022
In Yellowfin before 9.6.1 it is possible to enumerate and download users profile pictures through... High Unreviewed
CVE-2021-36388 was published May 24, 2022
Authorization bypass through user-controlled key vulnerability in MELSEC iQ-R series Safety CPU... High Unreviewed
CVE-2021-20599 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow unauthenticated remote attackers... High Unreviewed
CVE-2021-41307 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to... High Unreviewed
CVE-2021-41305 was published May 24, 2022
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to... High Unreviewed
CVE-2021-41306 was published May 24, 2022
Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9... High Unreviewed
CVE-2021-24892 was published May 24, 2022
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for... High Unreviewed
CVE-2021-24562 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database