GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,263
Erlang
31
GitHub Actions
21
Go
2,033
Maven
5,000+
npm
3,732
NuGet
662
pip
3,411
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,881 advisories
Filter by severity
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which...
Moderate
Unreviewed
CVE-2021-24842
was published
Nov 30, 2021
The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation...
Moderate
Unreviewed
CVE-2021-24790
was published
Dec 14, 2021
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5...
Moderate
Unreviewed
CVE-2021-20866
was published
Dec 14, 2021
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5...
Moderate
Unreviewed
CVE-2021-20867
was published
Dec 14, 2021
glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html...
Moderate
Unreviewed
CVE-2021-44937
was published
Dec 15, 2021
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and...
Moderate
Unreviewed
CVE-2021-27858
was published
Dec 16, 2021
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37...
Moderate
Unreviewed
CVE-2021-44857
was published
Dec 18, 2021
The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API...
Moderate
Unreviewed
CVE-2021-24997
was published
Dec 28, 2021
The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for...
Moderate
Unreviewed
CVE-2021-43333
was published
Jan 2, 2022
Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE...
Moderate
Unreviewed
CVE-2021-40327
was published
Jan 14, 2022
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF...
Moderate
Unreviewed
CVE-2021-25025
was published
Jan 18, 2022
An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5,...
Moderate
Unreviewed
CVE-2022-0152
was published
Jan 19, 2022
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the...
Moderate
Unreviewed
CVE-2021-25013
was published
Jan 25, 2022
The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the...
Moderate
Unreviewed
CVE-2021-24968
was published
Jan 25, 2022
Single Connect does not perform an authorization check when using the "sc-diagnostic-ui" module....
Moderate
Unreviewed
CVE-2021-44794
was published
Jan 28, 2022
Single Connect does not perform an authorization check when using the "log-monitor" module. A...
Moderate
Unreviewed
CVE-2021-44792
was published
Jan 28, 2022
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF...
Moderate
Unreviewed
CVE-2021-24993
was published
Feb 8, 2022
The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron-manager-pro WordPress...
Moderate
Unreviewed
CVE-2021-25084
was published
Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its...
Moderate
Unreviewed
CVE-2021-24839
was published
Feb 8, 2022
SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks...
Moderate
Unreviewed
CVE-2022-22535
was published
Feb 11, 2022
The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, may arbitrarily...
Moderate
Unreviewed
CVE-2022-0188
was published
Feb 15, 2022
The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks...
Moderate
Unreviewed
CVE-2021-25018
was published
Feb 15, 2022
PreMiD 2.2.0 allows unintended access via the websocket transport. An attacker can receive events...
Moderate
Unreviewed
CVE-2021-46701
was published
Feb 21, 2022
Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.
Moderate
Unreviewed
CVE-2022-0726
was published
Feb 24, 2022
ProTip!
Advisories are also available from the
GraphQL API