GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,779 advisories
Filter by severity
Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari ...
High
Unreviewed
CVE-2021-20835
was published
Nov 25, 2021
WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user....
High
Unreviewed
CVE-2021-36917
was published
Nov 25, 2021
The Contest Gallery WordPress plugin before 13.1.0.6 does not have capability checks and does not...
Critical
Unreviewed
CVE-2021-24915
was published
Nov 30, 2021
The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which...
Moderate
Unreviewed
CVE-2021-24842
was published
Nov 30, 2021
The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in...
High
Unreviewed
CVE-2021-24914
was published
Dec 7, 2021
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require...
High
Unreviewed
CVE-2021-34543
was published
Dec 8, 2021
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local...
Low
Unreviewed
CVE-2021-25519
was published
Dec 9, 2021
The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation...
Moderate
Unreviewed
CVE-2021-24790
was published
Dec 14, 2021
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5...
Moderate
Unreviewed
CVE-2021-20867
was published
Dec 14, 2021
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5...
Moderate
Unreviewed
CVE-2021-20866
was published
Dec 14, 2021
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5...
High
Unreviewed
CVE-2021-20865
was published
Dec 14, 2021
SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary...
High
Unreviewed
CVE-2021-44233
was published
Dec 15, 2021
An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will...
High
Unreviewed
CVE-2021-41066
was published
Dec 15, 2021
taocms 3.0.2 is vulnerable to arbitrary file deletion via taocms\include\Model\file.php from line...
Critical
Unreviewed
CVE-2021-45015
was published
Dec 15, 2021
glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html...
Moderate
Unreviewed
CVE-2021-44937
was published
Dec 15, 2021
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and...
High
Unreviewed
CVE-2021-27859
was published
Dec 16, 2021
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and...
Moderate
Unreviewed
CVE-2021-27858
was published
Dec 16, 2021
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and...
High
Unreviewed
CVE-2021-27857
was published
Dec 16, 2021
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a...
High
Unreviewed
CVE-2021-27855
was published
Dec 16, 2021
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 includes an...
Critical
Unreviewed
CVE-2021-27856
was published
Dec 16, 2021
Unauthenticated Arbitrary Options Update vulnerability leading to full website compromise...
Critical
Unreviewed
CVE-2021-36888
was published
Dec 16, 2021
In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to...
High
Unreviewed
CVE-2021-1017
was published
Dec 16, 2021
In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user...
High
Unreviewed
CVE-2021-0926
was published
Dec 16, 2021
In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to...
High
Unreviewed
CVE-2021-0923
was published
Dec 16, 2021
In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass...
High
Unreviewed
CVE-2021-0922
was published
Dec 16, 2021
ProTip!
Advisories are also available from the
GraphQL API