Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

128 advisories

Loading
The User Email Verification for WooCommerce plugin for WordPress is vulnerable to authentication... Critical Unreviewed
CVE-2023-2781 was published Jun 3, 2023
Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to Bypass... Moderate Unreviewed
CVE-2022-36249 was published May 30, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2023-2733 was published May 25, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2023-2732 was published May 25, 2023
The MStore API plugin for WordPress is vulnerable to authentication bypass in versions up to, and... Critical Unreviewed
CVE-2023-2734 was published May 25, 2023
A proprietary protocol for iBoot devices is used for control and keepalive commands. The function... High Unreviewed
CVE-2022-47311 was published May 23, 2023
The BP Social Connect plugin for WordPress is vulnerable to authentication bypass in versions up... Critical Unreviewed
CVE-2023-2704 was published May 19, 2023
A vulnerability in the social login configuration option for the guest users of Cisco Business... Moderate Unreviewed
CVE-2023-20003 was published May 18, 2023
The RegistrationMagic plugin for WordPress is vulnerable to authentication bypass in versions up... Critical Unreviewed
CVE-2023-2499 was published May 16, 2023
An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer... High Unreviewed
CVE-2023-31152 was published May 10, 2023
PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be... Moderate Unreviewed
CVE-2022-40725 was published Apr 25, 2023
The ZM Ajax Login & Register plugin for WordPress is vulnerable to authentication bypass in... Critical Unreviewed
CVE-2023-2027 was published Apr 15, 2023
Devise Gem for Ruby Unauthorized Access Using "Remember Me" Cookie High
CVE-2015-8314 was published for devise (RubyGems) Jan 26, 2023
A vulnerability in the web-based management interface of Cisco IP Phone 7800 and 8800 Series... Moderate Unreviewed
CVE-2023-20018 was published Jan 20, 2023
Even if the authentication fails for local service authentication, the requested command could... Critical Unreviewed
CVE-2022-46732 was published Jan 18, 2023
An issue was discovered in the endpoint protection agent in Zoho ManageEngine Device Control Plus... High Unreviewed
CVE-2022-47578 was published Dec 20, 2022
Unauthorized access to Gateway user capabilities Critical Unreviewed
CVE-2022-27510 was published Nov 9, 2022
XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard High
CVE-2022-36093 was published for org.xwiki.platform:xwiki-platform-web (Maven) Sep 16, 2022
A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service... High Unreviewed
CVE-2022-2031 was published Aug 26, 2022
This vulnerability allows remote attackers to bypass authentication on affected installations of... Critical Unreviewed
CVE-2022-35869 was published Jul 26, 2022
PingID Windows Login prior to 2.8 does not authenticate communication with a local Java service... Moderate Unreviewed
CVE-2022-23719 was published Jul 1, 2022
PingID Windows Login prior to 2.8 does not properly set permissions on the Windows Registry... Moderate Unreviewed
CVE-2022-23725 was published Jul 1, 2022
A vulnerability in the application authentication and authorization mechanism in Hitachi Energy's... High Unreviewed
CVE-2021-35530 was published Jun 8, 2022
SQL injection and file upload attacks are possible due to insufficient validation of input values... Critical Unreviewed
CVE-2021-26634 was published Jun 3, 2022
Networking OS10, versions prior to October 2021 with Smart Fabric Services enabled, contains an... Critical Unreviewed
CVE-2021-36308 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API