GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,058 advisories
Mevin Productions Basic PHP Events Lister 2.0 does not properly restrict access to (1) admin...
Moderate | Unreviewed | CVE-2009-3168 was published May 2, 2022

The Virtual Network Terminal Server daemon (vntsd) for Logical Domains (aka LDoms) in Sun Solaris...
Moderate | Unreviewed | CVE-2009-2282 was published May 2, 2022

nfs2acl.c in the Linux kernel 2.6.14.4 does not check for MAY_SATTR privilege before setting...
Moderate | Unreviewed | CVE-2005-3623 was published May 1, 2022

Various administrative external system import resources in Atlassian JIRA Server (including JIRA...
Moderate | Unreviewed | CVE-2017-18101 was published Apr 30, 2022

The myCred WordPress plugin before 2.4.4 does not have any authorisation and CSRF checks in the...
Moderate | Unreviewed | CVE-2022-0363 was published Apr 26, 2022

The myCred WordPress plugin before 2.4.3.1 does not have any authorisation in place in its mycred...
Moderate | Unreviewed | CVE-2022-0287 was published Apr 26, 2022

The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 lacks authorization...
Moderate | Unreviewed | CVE-2022-0634 was published Apr 26, 2022

The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have...
Moderate | Unreviewed | CVE-2022-0398 was published Apr 26, 2022

The myCred WordPress plugin before 2.4.4 does not have authorisation and CSRF checks in its...
Moderate | Unreviewed | CVE-2022-1092 was published Apr 26, 2022

The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any...
Moderate | Unreviewed | CVE-2022-1054 was published Apr 19, 2022

The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper...
Moderate | Unreviewed | CVE-2022-0919 was published Apr 12, 2022

The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check...
Moderate | Unreviewed | CVE-2022-0404 was published Apr 5, 2022

The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing...
Moderate | Unreviewed | CVE-2022-0825 was published Apr 5, 2022

The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia...
Moderate | Unreviewed | CVE-2022-0837 was published Apr 5, 2022

Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and...
Moderate | Unreviewed | CVE-2022-23183 was published Apr 1, 2022

The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related...
Moderate | Unreviewed | CVE-2021-24978 was published Mar 29, 2022

The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of...
Moderate | Unreviewed | CVE-2022-0833 was published Mar 29, 2022

Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz...
Moderate | Unreviewed | CVE-2022-27948 was published Mar 28, 2022

An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious...
Moderate | Unreviewed | CVE-2021-45852 was published Mar 17, 2022

The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in...
Moderate | Unreviewed | CVE-2021-24950 was published Mar 15, 2022

The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF...
Moderate | Unreviewed | CVE-2021-24958 was published Mar 15, 2022

Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an...
Moderate | Unreviewed | CVE-2022-26103 was published Mar 11, 2022

Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701...
Moderate | Unreviewed | CVE-2022-26102 was published Mar 11, 2022

SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for...
Moderate | Unreviewed | CVE-2022-26104 was published Mar 11, 2022

The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its...
Moderate | Unreviewed | CVE-2022-0163 was published Mar 8, 2022

ProTip! Advisories are also available from the GraphQL API.