GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
3,656 advisories
Hospital Management System v1.0 was discovered to lack an authorization component, allowing...
Critical | Unreviewed | CVE-2022-26546 was published Apr 1, 2022

The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia...
Moderate | Unreviewed | CVE-2022-0837 was published Apr 5, 2022

The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check...
Moderate | Unreviewed | CVE-2022-0404 was published Apr 5, 2022

The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing...
Moderate | Unreviewed | CVE-2022-0825 was published Apr 5, 2022

An intent redirection issue was discovered in Sina Weibo Android SDK 4.2.7 (com.sina.weibo.sdk...
High | Unreviewed | CVE-2020-23349 was published Apr 6, 2022

The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib...
High | Unreviewed | CVE-2021-24906 was published Jan 25, 2022

The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for...
Moderate | Unreviewed | CVE-2021-43333 was published Jan 2, 2022

An unauthenticated user can use functions of XML Data Archiving Service of SAP NetWeaver...
High | Unreviewed | CVE-2022-27669 was published Apr 13, 2022

Missing permission checks in Jenkins Publish Over FTP Plugin
Moderate | CVE-2022-29051 was published for org.jenkins-ci.plugins:publish-over-ftp (Maven) Apr 13, 2022

The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any...
Moderate | Unreviewed | CVE-2022-1054 was published Apr 19, 2022

Missing permission check in Jenkins SSH Plugin
Moderate | CVE-2022-30957 was published for org.jenkins-ci.plugins:ssh (Maven) May 18, 2022

The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper...
Moderate | Unreviewed | CVE-2022-0919 was published Apr 12, 2022

There is an improper verification vulnerability in smartphones. Successful exploitation of this...
Critical | Unreviewed | CVE-2021-22448 was published Feb 26, 2022

Insecure plugin handling in Mattermost
High | CVE-2022-1384 was published for github.com/mattermost/mattermost-server/v6 (Go) Apr 20, 2022

PreMiD 2.2.0 allows unintended access via the websocket transport. An attacker can receive events...
Moderate | Unreviewed | CVE-2021-46701 was published Feb 21, 2022

Multiple vulnerabilities in Cisco SD-WAN vManage Software could allow an unauthenticated, remote...
High | Unreviewed | CVE-2021-1506 was published May 24, 2022

The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5...
High | Unreviewed | CVE-2006-4483 was published May 1, 2022

The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions...
Moderate | Unreviewed | CVE-2022-4169 was published Nov 28, 2022

A broken access control vulnerability in the SubNet_handler_func function of spx_restservice...
Moderate | Unreviewed | CVE-2021-44776 was published Oct 24, 2022

An exploitable unsafe default configuration vulnerability exists in the TURN server function of...
Critical | Unreviewed | CVE-2018-4059 was published May 13, 2022

Missing Authorization in Apache ZooKeeper
High | CVE-2018-8012 was published for org.apache.zookeeper:zookeeper (Maven) May 13, 2022

Missing Authorization in Jenkins
Moderate | CVE-2017-1000400 was published for org.jenkins-ci.main:jenkins-core (Maven) May 13, 2022

A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice...
High | Unreviewed | CVE-2021-26733 was published Oct 24, 2022

Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to...
Moderate | Unreviewed | CVE-2022-36836 was published Aug 6, 2022

The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication...
High | Unreviewed | CVE-2022-24190 was published Nov 29, 2022

ProTip! Advisories are also available from the GraphQL API.