GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,560 advisories
Filter by severity
The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing...
Moderate
Unreviewed
CVE-2023-0402
was published
Jan 19, 2023
The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in...
Moderate
Unreviewed
CVE-2021-24950
was published
Mar 15, 2022
The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF...
Moderate
Unreviewed
CVE-2021-24958
was published
Mar 15, 2022
An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious...
Moderate
Unreviewed
CVE-2021-45852
was published
Mar 17, 2022
Multiple versions of GARO Wallbox GLB/GTB/GTC are affected by incorrect access control. Lack of...
Critical
Unreviewed
CVE-2021-45878
was published
Mar 22, 2022
idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the...
High
Unreviewed
CVE-2022-27333
was published
Mar 23, 2022
Automotive Grade Linux Kooky Koi 11.0.0, 11.0.1, 11.0.2, 11.0.3, 11.0.4, and 11.0.5 is affected...
Critical
Unreviewed
CVE-2022-24595
was published
Mar 19, 2022
It was found that 3scale's APIdocs does not validate the access token, in the case of invalid...
High
Unreviewed
CVE-2021-3814
was published
Mar 26, 2022
Under certain conditions, SAP Innovation management - version 2.0, allows an attacker to access...
High
Unreviewed
CVE-2022-27658
was published
Mar 29, 2022
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line...
Critical
Unreviewed
CVE-2021-45015
was published
Dec 15, 2021
In Settings, there is a possible way to add an auto-connect WiFi network without the user's...
High
Unreviewed
CVE-2021-39768
was published
Mar 31, 2022
In WindowManager, there is a possible way to start a foreground activity from the background due...
High
Unreviewed
CVE-2021-39758
was published
Mar 31, 2022
glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html...
Moderate
Unreviewed
CVE-2021-44937
was published
Dec 15, 2021
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and...
Moderate
Unreviewed
CVE-2022-23183
was published
Apr 1, 2022
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an...
Critical
Unreviewed
CVE-2021-27856
was published
Dec 16, 2021
Hospital Management System v1.0 was discovered to lack an authorization component, allowing...
Critical
Unreviewed
CVE-2022-26546
was published
Apr 1, 2022
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia...
Moderate
Unreviewed
CVE-2022-0837
was published
Apr 5, 2022
The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing...
Moderate
Unreviewed
CVE-2022-0825
was published
Apr 5, 2022
The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check...
Moderate
Unreviewed
CVE-2022-0404
was published
Apr 5, 2022
An intent redirection issue was doscovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk...
High
Unreviewed
CVE-2020-23349
was published
Apr 6, 2022
The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib...
High
Unreviewed
CVE-2021-24906
was published
Jan 25, 2022
The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for...
Moderate
Unreviewed
CVE-2021-43333
was published
Jan 2, 2022
An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver...
High
Unreviewed
CVE-2022-27669
was published
Apr 13, 2022
The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any...
Moderate
Unreviewed
CVE-2022-1054
was published
Apr 19, 2022
The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper...
Moderate
Unreviewed
CVE-2022-0919
was published
Apr 12, 2022
ProTip!
Advisories are also available from the
GraphQL API