GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,198
Composer 4,343
Erlang 31
GitHub Actions 22
Go 2,107
Maven 5,283
npm 3,764
NuGet 679
pip 3,452
Pub 12
RubyGems 892
Rust 886
Swift 37

Unreviewed advisories

All unreviewed 243,251

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

146 advisories

Filter by severity

Sort by

Least recently updated

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in... High Unreviewed

CVE-2022-4701 was published Jan 10, 2023

A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical... High Unreviewed

CVE-2022-4879 was published Jan 6, 2023

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting... High Unreviewed

CVE-2022-2536 was published Dec 15, 2022

Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker... High Unreviewed

CVE-2022-39902 was published Dec 8, 2022

A vulnerability has been found in Facepay 1.0 and classified as critical. Affected by this... High Unreviewed

CVE-2022-4281 was published Dec 5, 2022

Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1... High Unreviewed

CVE-2022-39883 was published Nov 10, 2022

Improper Authorization vulnerability exists in the Workplace X WebUI of the Hitachi Energy... High Unreviewed

CVE-2022-29490 was published Sep 13, 2022

Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8. High Unreviewed

CVE-2022-2901 was published Sep 7, 2022

Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged... High Unreviewed

CVE-2022-2661 was published Aug 17, 2022

NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it... High Unreviewed

CVE-2022-31609 was published Aug 6, 2022

A vulnerability classified as critical was found in SourceCodester Prison Management System 1.0.... High Unreviewed

CVE-2022-2019 was published Jun 10, 2022

Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications... High Unreviewed

CVE-2022-30717 was published Jun 8, 2022

Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access... High Unreviewed

CVE-2022-30746 was published Jun 8, 2022

Dell OpenManage Enterprise Versions 3.8.3 and prior contain an improper authorization... High Unreviewed

CVE-2022-26857 was published May 27, 2022

The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control.... High Unreviewed

CVE-2021-42330 was published May 24, 2022

The management page of the Orca HCM digital learning platform does not perform identity... High Unreviewed

CVE-2021-35964 was published May 24, 2022

SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary... High Unreviewed

CVE-2021-40502 was published May 24, 2022

The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and... High Unreviewed

CVE-2021-39341 was published May 24, 2022

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self... High Unreviewed

CVE-2021-38486 was published May 24, 2022

Versions up to, and including, 1.0.6, of the Access Demo Importer WordPress plugin are vulnerable... High Unreviewed

CVE-2021-39317 was published May 24, 2022

TadTools special page is vulnerable to authorization bypass, thus remote attackers can use the... High Unreviewed

CVE-2021-41975 was published May 24, 2022

The wp_ajax_upload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34... High Unreviewed

CVE-2021-24311 was published May 24, 2022

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP... High Unreviewed

CVE-2021-24188 was published May 24, 2022

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed

CVE-2021-24190 was published May 24, 2022

Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed

CVE-2021-24193 was published May 24, 2022

Previous 1 2 3 4 5 6 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

146 advisories