GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,505

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

1,647 advisories

Filter by severity

Sort by

Least recently updated

The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which... Moderate Unreviewed

CVE-2021-24842 was published Nov 30, 2021

The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation... Moderate Unreviewed

CVE-2021-24790 was published Dec 14, 2021

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5... Moderate Unreviewed

CVE-2021-20866 was published Dec 14, 2021

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5... Moderate Unreviewed

CVE-2021-20867 was published Dec 14, 2021

glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html... Moderate Unreviewed

CVE-2021-44937 was published Dec 15, 2021

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and... Moderate Unreviewed

CVE-2021-27858 was published Dec 16, 2021

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37... Moderate Unreviewed

CVE-2021-44857 was published Dec 18, 2021

The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API... Moderate Unreviewed

CVE-2021-24997 was published Dec 28, 2021

The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for... Moderate Unreviewed

CVE-2021-43333 was published Jan 2, 2022

Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE... Moderate Unreviewed

CVE-2021-40327 was published Jan 14, 2022

The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF... Moderate Unreviewed

CVE-2021-25025 was published Jan 18, 2022

An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5,... Moderate Unreviewed

CVE-2022-0152 was published Jan 19, 2022

The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the... Moderate Unreviewed

CVE-2021-25013 was published Jan 25, 2022

The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the... Moderate Unreviewed

CVE-2021-24968 was published Jan 25, 2022

Single Connect does not perform an authorization check when using the "sc-diagnostic-ui" module.... Moderate Unreviewed

CVE-2021-44794 was published Jan 28, 2022

Single Connect does not perform an authorization check when using the "log-monitor" module. A... Moderate Unreviewed

CVE-2021-44792 was published Jan 28, 2022

The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron-manager-pro WordPress... Moderate Unreviewed

CVE-2021-25084 was published Feb 8, 2022

The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF... Moderate Unreviewed

CVE-2021-24993 was published Feb 8, 2022

The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its... Moderate Unreviewed

CVE-2021-24839 was published Feb 8, 2022

SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks... Moderate Unreviewed

CVE-2022-22535 was published Feb 11, 2022

The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, may arbitrarily... Moderate Unreviewed

CVE-2022-0188 was published Feb 15, 2022

The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks... Moderate Unreviewed

CVE-2021-25018 was published Feb 15, 2022

Missing Authorization in Eclipse Che Moderate Unreviewed

CVE-2020-10689 was published Feb 15, 2022

PreMiD 2.2.0 allows unintended access via the websocket transport. An attacker can receive events... Moderate Unreviewed

CVE-2021-46701 was published Feb 21, 2022

Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. Moderate Unreviewed

CVE-2022-0726 was published Feb 24, 2022

Previous 1 2 3 4 5 … 65 66 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

1,647 advisories