GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,498 advisories
The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing...
Moderate | Unreviewed | CVE-2023-0402 was published Jan 19, 2023

The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in...
Moderate | Unreviewed | CVE-2021-24950 was published Mar 15, 2022

The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF...
Moderate | Unreviewed | CVE-2021-24958 was published Mar 15, 2022

An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious...
Moderate | Unreviewed | CVE-2021-45852 was published Mar 17, 2022

Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of...
Critical | Unreviewed | CVE-2021-45878 was published Mar 22, 2022

idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the...
High | Unreviewed | CVE-2022-27333 was published Mar 23, 2022

Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected...
Critical | Unreviewed | CVE-2022-24595 was published Mar 19, 2022

It was found that 3scale's APIdocs does not validate the access token, in the case of invalid...
High | Unreviewed | CVE-2021-3814 was published Mar 26, 2022

Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access...
High | Unreviewed | CVE-2022-27658 was published Mar 29, 2022

taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line...
Critical | Unreviewed | CVE-2021-45015 was published Dec 15, 2021

glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html...
Moderate | Unreviewed | CVE-2021-44937 was published Dec 15, 2021

In Settings, there is a possible way to add an auto-connect WiFi network without the user's...
High | Unreviewed | CVE-2021-39768 was published Mar 31, 2022

In WindowManager, there is a possible way to start a foreground activity from the background due...
High | Unreviewed | CVE-2021-39758 was published Mar 31, 2022

Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and...
Moderate | Unreviewed | CVE-2022-23183 was published Apr 1, 2022

The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require...
High | Unreviewed | CVE-2021-34543 was published Dec 8, 2021

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an...
Critical | Unreviewed | CVE-2021-27856 was published Dec 16, 2021

Hospital Management System v1.0 was discovered to lack an authorization component, allowing...
Critical | Unreviewed | CVE-2022-26546 was published Apr 1, 2022

The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia...
Moderate | Unreviewed | CVE-2022-0837 was published Apr 5, 2022

The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing...
Moderate | Unreviewed | CVE-2022-0825 was published Apr 5, 2022

The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check...
Moderate | Unreviewed | CVE-2022-0404 was published Apr 5, 2022

An intent redirection issue was discovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk...
High | Unreviewed | CVE-2020-23349 was published Apr 6, 2022

The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib...
High | Unreviewed | CVE-2021-24906 was published Jan 25, 2022

The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for...
Moderate | Unreviewed | CVE-2021-43333 was published Jan 2, 2022

An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver...
High | Unreviewed | CVE-2022-27669 was published Apr 13, 2022

The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any...
Moderate | Unreviewed | CVE-2022-1054 was published Apr 19, 2022

ProTip! Advisories are also available from the GraphQL API.