Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,201
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,702
NuGet
660
pip
3,328
Pub
11
RubyGems
883
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

176 advisories

Loading
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious... Critical Unreviewed
CVE-2023-34063 was published Jan 16, 2024
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN... Critical Unreviewed
CVE-2023-20252 was published Sep 27, 2023
Code execution in pandasai Critical
CVE-2024-23752 was published for pandasai (pip) Jan 22, 2024
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21685 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault westonsteimel
sunSUNQ
An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows... Critical Unreviewed
CVE-2021-28141 was published May 24, 2022
Missing authorization vulnerability in System webapi component in Synology Surveillance Station... Critical Unreviewed
CVE-2024-29241 was published Mar 28, 2024
** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access.... Critical Unreviewed
CVE-2021-28154 was published May 24, 2022
Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass Critical Unreviewed
CVE-2013-3960 was published May 5, 2022
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The... Critical Unreviewed
CVE-2019-1010150 was published May 24, 2022
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The... Critical Unreviewed
CVE-2019-1010152 was published May 24, 2022
zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms... Critical Unreviewed
CVE-2019-1010149 was published May 24, 2022
A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>,... Critical Unreviewed
CVE-2020-6823 was published May 24, 2022
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app,... Critical Unreviewed
CVE-2023-2193 was published Apr 20, 2023
The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to,... Critical Unreviewed
CVE-2019-25141 was published Jun 7, 2023
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on... Critical Unreviewed
CVE-2020-36730 was published Jun 7, 2023
The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing... Critical Unreviewed
CVE-2021-4341 was published Jun 7, 2023
The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated... Critical Unreviewed
CVE-2021-4343 was published Jun 7, 2023
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File... Critical Unreviewed
CVE-2021-4356 was published Jun 7, 2023
The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing... Critical Unreviewed
CVE-2021-4362 was published Jun 7, 2023
The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and... Critical Unreviewed
CVE-2021-4370 was published Jun 7, 2023
The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in... Critical Unreviewed
CVE-2021-4374 was published Jun 7, 2023
The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to... Critical Unreviewed
CVE-2021-4381 was published Jun 7, 2023
The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing... Critical Unreviewed
CVE-2023-0291 was published Jun 9, 2023
The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user... Critical Unreviewed
CVE-2023-3076 was published Jul 10, 2023
Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege... Critical Unreviewed
CVE-2023-26301 was published Jul 21, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database