Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,293
Erlang
31
GitHub Actions
21
Go
2,061
Maven
5,000+
npm
3,744
NuGet
668
pip
3,423
Pub
12
RubyGems
892
Rust
875
Swift
36
Unreviewed advisories
All unreviewed
5,000+

197 advisories

Loading
The iQ Block Country WordPress plugin through 1.2.13 does not properly checks HTTP headers in... High Unreviewed
CVE-2022-1762 was published Jun 14, 2022
An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated... High Unreviewed
CVE-2022-31295 was published Jun 17, 2022
The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP... High Unreviewed
CVE-2022-1614 was published Jun 21, 2022
Authorization Bypass in parse-path High
CVE-2022-0624 was published for parse-path (npm) Jun 29, 2022
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the... High Unreviewed
CVE-2021-24655 was published Jul 18, 2022
Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote... High Unreviewed
CVE-2022-2193 was published Jul 20, 2022
The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to... High Unreviewed
CVE-2022-2367 was published Aug 9, 2022
The forgot password token basically just makes us capable of taking over the account of whoever... High Unreviewed
CVE-2022-3019 was published Aug 29, 2022
WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted... High Unreviewed
CVE-2022-36539 was published Sep 8, 2022
The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19... High Unreviewed
CVE-2022-41479 was published Oct 18, 2022
An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any... High Unreviewed
CVE-2022-33077 was published Oct 19, 2022
Magento Improper input validation vulnerability High
CVE-2022-42344 was published for magento/community-edition (Composer) Oct 20, 2022
Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey... High Unreviewed
CVE-2021-36906 was published Nov 4, 2022
The function check_is_login_page() uses headers for the IP check, which can be easily spoofed. High Unreviewed
CVE-2022-1579 was published Nov 21, 2022
An API Endpoint used by Miele's "AppWash" MobileApp in all versions was vulnerable to an... High Unreviewed
CVE-2022-3589 was published Nov 21, 2022
The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from... High Unreviewed
CVE-2022-24187 was published Nov 29, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos... High Unreviewed
CVE-2022-43326 was published Nov 29, 2022
The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as... High Unreviewed
CVE-2022-3846 was published Dec 5, 2022
Improper Access Control in GitHub repository openemr/openemr prior to 7.0.0.2. High Unreviewed
CVE-2022-4505 was published Dec 15, 2022
The Jeg Elementor Kit plugin for WordPress is vulnerable to authorization bypass in various... High Unreviewed
CVE-2022-3805 was published Dec 22, 2022
usememos/memos Improper Access Control vulnerability High
CVE-2022-4803 was published for github.com/usememos/memos (Go) Dec 28, 2022
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object... High Unreviewed
CVE-2022-40319 was published Jan 17, 2023
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). The Java... High Unreviewed
CVE-2022-45927 was published Jan 19, 2023
The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or... High Unreviewed
CVE-2022-4794 was published Jan 30, 2023
Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software... High Unreviewed
CVE-2022-34138 was published Feb 3, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database