GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,505

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

638 advisories

Filter by severity

Sort by

Least recently updated

Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari ... High Unreviewed

CVE-2021-20835 was published Nov 25, 2021

WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user.... High Unreviewed

CVE-2021-36917 was published Nov 25, 2021

The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in... High Unreviewed

CVE-2021-24914 was published Dec 7, 2021

The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require... High Unreviewed

CVE-2021-34543 was published Dec 8, 2021

Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5... High Unreviewed

CVE-2021-20865 was published Dec 14, 2021

SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary... High Unreviewed

CVE-2021-44233 was published Dec 15, 2021

An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will... High Unreviewed

CVE-2021-41066 was published Dec 15, 2021

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and... High Unreviewed

CVE-2021-27859 was published Dec 16, 2021

A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and... High Unreviewed

CVE-2021-27857 was published Dec 16, 2021

FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a... High Unreviewed

CVE-2021-27855 was published Dec 16, 2021

In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to... High Unreviewed

CVE-2021-1017 was published Dec 16, 2021

In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user... High Unreviewed

CVE-2021-0926 was published Dec 16, 2021

In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to... High Unreviewed

CVE-2021-0923 was published Dec 16, 2021

In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass... High Unreviewed

CVE-2021-0922 was published Dec 16, 2021

TCMAN GIM does not perform an authorization check when trying to access determined resources. A... High Unreviewed

CVE-2021-40853 was published Dec 18, 2021

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle... High Unreviewed

CVE-2021-37572 was published Dec 27, 2021

Yappli is an application development platform which provides the function to access a requested... High Unreviewed

CVE-2021-20873 was published Dec 29, 2021

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated... High Unreviewed

CVE-2021-24831 was published Jan 4, 2022

The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to... High Unreviewed

CVE-2022-0236 was published Jan 19, 2022

The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib... High Unreviewed

CVE-2021-24906 was published Jan 25, 2022

Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui"... High Unreviewed

CVE-2021-44795 was published Jan 28, 2022

Single Connect does not perform an authorization check when using the sc-reports-ui" module. A... High Unreviewed

CVE-2021-44793 was published Jan 28, 2022

The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting... High Unreviewed

CVE-2021-25093 was published Feb 2, 2022

The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and... High Unreviewed

CVE-2021-25095 was published Feb 8, 2022

A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when... High Unreviewed

CVE-2022-24317 was published Feb 11, 2022

Previous 1 2 3 4 5 … 25 26 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

638 advisories