GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,272
Erlang: 31
GitHub Actions: 21
Go: 2,047
Maven: 5,000+
npm: 3,739
NuGet: 668
pip: 3,415
Pub: 12
RubyGems: 891
Rust: 868
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
159 advisories
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File...
Critical | Unreviewed | CVE-2021-4356 was published Jun 7, 2023
The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to,...
Critical | Unreviewed | CVE-2019-25141 was published Jun 7, 2023
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary...
Critical | Unreviewed | CVE-2020-36719 was published Jun 7, 2023
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app,...
Critical | Unreviewed | CVE-2023-2193 was published Apr 20, 2023
The WCFM Membership plugin for WordPress is vulnerable to privilege escalation in versions up to,...
Critical | Unreviewed | CVE-2022-4939 was published Apr 5, 2023
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740,...
Critical | Unreviewed | CVE-2023-27269 was published Mar 14, 2023
The Akuvox E11 libvoice library provides unauthenticated access to the camera capture for image...
Critical | Unreviewed | CVE-2023-0349 was published Mar 13, 2023
onekeyadmin v1.3.9 was discovered to contain an arbitrary file delete vulnerability via the...
Critical | Unreviewed | CVE-2023-26957 was published Mar 9, 2023
Improper Input Validation vulnerability in Eskom Bilgisayar e-Belediye allows Information...
Critical | Unreviewed | CVE-2023-1114 was published Mar 1, 2023
An unauthenticated user can attach to an open interface exposed through JNDI by the Messaging...
Critical | Unreviewed | CVE-2022-41271 was published Dec 13, 2022
Unauth. Arbitrary File Deletion vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
Critical | Unreviewed | CVE-2022-44584 was published Nov 19, 2022
Authentication Bypass by Primary Weakness in GitHub repository kareadita/kavita prior to 0.6.0.3.
Critical | Unreviewed | CVE-2022-3993 was published Nov 14, 2022
Missing Access Control vulnerability in PHP Crafts Accommodation System plugin <= 1.0.1 at...
Critical | Unreviewed | CVE-2022-37344 was published Sep 7, 2022
Missing Access Control vulnerability in About Rentals. Inc. About Rentals plugin <= 1.5 at...
Critical | Unreviewed | CVE-2022-36427 was published Sep 7, 2022
A local file disclosure vulnerability in /appConfig/userDB.json of Telos Alliance Omnia MPX Node...
Critical | Unreviewed | CVE-2022-36642 was published Sep 3, 2022
Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain...
Critical | Unreviewed | CVE-2022-35293 was published Aug 11, 2022
LRM does not implement authentication or authorization by default. A malicious actor can inject,...
Critical | Unreviewed | CVE-2022-1521 was published Jun 25, 2022
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate...
Critical | Unreviewed | CVE-2022-0885 was published Jun 14, 2022
A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could...
Critical | Unreviewed | CVE-2020-4926 was published May 25, 2022
An issue in the component /cgi-bin/upload_firmware.cgi of D-Link DIR-823G REVA1 1.02B05 allows...
Critical | Unreviewed | CVE-2020-25366 was published May 24, 2022
Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken...
Critical | Unreviewed | CVE-2021-32172 was published May 24, 2022
BaiCloud-cms v2.5.7 is affected by an arbitrary file deletion vulnerability, which allows an...
Critical | Unreviewed | CVE-2021-41729 was published May 24, 2022
Confluent Ansible (cp-ansible) version 5.5.0, 5.5.1, 5.5.2 and 6.0.0 is vulnerable to Incorrect...
Critical | Unreviewed | CVE-2021-33924 was published May 24, 2022
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5...
Critical | Unreviewed | CVE-2021-37270 was published May 24, 2022
SAP NetWeaver Application Server Java (JMS Connector Service) - versions 7.11, 7.20, 7.30, 7.31,...
Critical | Unreviewed | CVE-2021-37535 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API.