GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
1,384 advisories
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized...
Moderate
Unreviewed
CVE-2024-4450 was published Jun 19, 2024
An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through...
Moderate
Unreviewed
CVE-2023-45370 was published Oct 9, 2023
The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is...
Moderate
Unreviewed
CVE-2024-7888 was published Sep 13, 2024
Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability...
Moderate
Unreviewed
CVE-2024-37930 was published Aug 13, 2024
An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7...
Moderate
Unreviewed
CVE-2024-4660 was published Sep 12, 2024
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-7721 was published Sep 11, 2024
The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-7727 was published Sep 11, 2024
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to...
Moderate
Unreviewed
CVE-2024-8369 was published Sep 10, 2024
The RFC enabled function module allows a low privileged user to perform denial of service on any...
Moderate
Unreviewed
CVE-2024-45285 was published Sep 10, 2024
Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an...
Moderate
Unreviewed
CVE-2024-44112 was published Sep 10, 2024
The RFC enabled function module allows a low privileged user to perform various actions, such as...
Moderate
Unreviewed
CVE-2024-44117 was published Sep 10, 2024
Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin...
Moderate
Unreviewed
CVE-2024-45286 was published Sep 10, 2024
The RFC enabled function module allows a low privileged user to add URLs to any user's workplace...
Moderate
Unreviewed
CVE-2024-44115 was published Sep 10, 2024
The RFC enabled function module allows a low privileged user to add any workbook to any user's...
Moderate
Unreviewed
CVE-2024-44116 was published Sep 10, 2024
The RFC enabled function module allows a low privileged user to delete the workplace favourites...
Moderate
Unreviewed
CVE-2024-42371 was published Sep 10, 2024
The RFC enabled function module allows a low privileged user to read any user's workplace...
Moderate
Unreviewed
CVE-2024-42380 was published Sep 10, 2024
The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email...
Moderate
Unreviewed
CVE-2024-7622 was published Sep 6, 2024
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for...
Moderate
Unreviewed
CVE-2024-8427 was published Sep 6, 2024
nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of...
Moderate
Unreviewed
CVE-2024-28216 was published Mar 7, 2024
In sim service, there is a possible way to write permission usage records of an app due to a...
Moderate
Unreviewed
CVE-2023-42655 was published Nov 1, 2023
The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress...
Moderate
Unreviewed
CVE-2024-6332 was published Sep 5, 2024
The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a...
Moderate
Unreviewed
CVE-2024-7605 was published Sep 5, 2024
The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due...
Moderate
Unreviewed
CVE-2024-7380 was published Sep 5, 2024
The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to...
Moderate
Unreviewed
CVE-2024-7381 was published Sep 5, 2024
The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized...
Moderate
Unreviewed
CVE-2024-5309 was published Sep 5, 2024
ProTip! Advisories are also available from the GraphQL API.