GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
160 advisories
Filter by severity
The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated...
Critical
Unreviewed
CVE-2021-4343
was published
Jun 7, 2023
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on...
Critical
Unreviewed
CVE-2020-36730
was published
Jun 7, 2023
The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to,...
Critical
Unreviewed
CVE-2019-25141
was published
Jun 7, 2023
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary...
Critical
Unreviewed
CVE-2020-36719
was published
Jun 7, 2023
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app,...
Critical
Unreviewed
CVE-2023-2193
was published
Apr 20, 2023
THe WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to,...
Critical
Unreviewed
CVE-2022-4939
was published
Apr 5, 2023
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740,...
Critical
Unreviewed
CVE-2023-27269
was published
Mar 14, 2023
The Akuvox E11 libvoice library provides unauthenticated access to the camera capture for image...
Critical
Unreviewed
CVE-2023-0349
was published
Mar 13, 2023
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the...
Critical
Unreviewed
CVE-2023-26957
was published
Mar 9, 2023
Improper Input Validation vulnerability in Eskom Bilgisayar e-Belediye allows Information...
Critical
Unreviewed
CVE-2023-1114
was published
Mar 1, 2023
An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging...
Critical
Unreviewed
CVE-2022-41271
was published
Dec 13, 2022
Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
Critical
Unreviewed
CVE-2022-44584
was published
Nov 19, 2022
Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.
Critical
Unreviewed
CVE-2022-3993
was published
Nov 14, 2022
Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at...
Critical
Unreviewed
CVE-2022-37344
was published
Sep 7, 2022
Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at...
Critical
Unreviewed
CVE-2022-36427
was published
Sep 7, 2022
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node...
Critical
Unreviewed
CVE-2022-36642
was published
Sep 3, 2022
Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain...
Critical
Unreviewed
CVE-2022-35293
was published
Aug 11, 2022
LRM does not implement authentication or authorization by default. A malicious actor can inject,...
Critical
Unreviewed
CVE-2022-1521
was published
Jun 25, 2022
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate...
Critical
Unreviewed
CVE-2022-0885
was published
Jun 14, 2022
A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could...
Critical
Unreviewed
CVE-2020-4926
was published
May 25, 2022
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows...
Critical
Unreviewed
CVE-2020-25366
was published
May 24, 2022
Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken...
Critical
Unreviewed
CVE-2021-32172
was published
May 24, 2022
BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an...
Critical
Unreviewed
CVE-2021-41729
was published
May 24, 2022
Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect...
Critical
Unreviewed
CVE-2021-33924
was published
May 24, 2022
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5...
Critical
Unreviewed
CVE-2021-37270
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API