GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,575 advisories
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its...
Moderate | Unreviewed | CVE-2021-24839 was published Feb 8, 2022

The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and...
High | Unreviewed | CVE-2021-25095 was published Feb 8, 2022

The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron-manager-pro WordPress...
Moderate | Unreviewed | CVE-2021-25084 was published Feb 8, 2022

The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF...
Moderate | Unreviewed | CVE-2021-24993 was published Feb 8, 2022

The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting...
High | Unreviewed | CVE-2021-25093 was published Feb 2, 2022

Single Connect does not perform an authorization check when using the "log-monitor" module. A...
Moderate | Unreviewed | CVE-2021-44792 was published Jan 28, 2022

Single Connect does not perform an authorization check when using the "sc-reports-ui" module. A...
High | Unreviewed | CVE-2021-44793 was published Jan 28, 2022

Single Connect does not perform an authorization check when using the "sc-diagnostic-ui" module....
Moderate | Unreviewed | CVE-2021-44794 was published Jan 28, 2022

Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui"...
High | Unreviewed | CVE-2021-44795 was published Jan 28, 2022

The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib...
High | Unreviewed | CVE-2021-24906 was published Jan 25, 2022

The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the...
Moderate | Unreviewed | CVE-2021-24968 was published Jan 25, 2022

The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the...
Moderate | Unreviewed | CVE-2021-25013 was published Jan 25, 2022

An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5,...
Moderate | Unreviewed | CVE-2022-0152 was published Jan 19, 2022

The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to...
High | Unreviewed | CVE-2022-0236 was published Jan 19, 2022

The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF...
Moderate | Unreviewed | CVE-2021-25025 was published Jan 18, 2022

Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE...
Moderate | Unreviewed | CVE-2021-40327 was published Jan 14, 2022

The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro...
Critical | Unreviewed | CVE-2021-25032 was published Jan 11, 2022

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated...
High | Unreviewed | CVE-2021-24831 was published Jan 4, 2022

The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for...
Moderate | Unreviewed | CVE-2021-43333 was published Jan 2, 2022

Yappli is an application development platform which provides the function to access a requested...
High | Unreviewed | CVE-2021-20873 was published Dec 29, 2021

The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API...
Moderate | Unreviewed | CVE-2021-24997 was published Dec 28, 2021

An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily...
Critical | Unreviewed | CVE-2020-20944 was published Dec 28, 2021

MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle...
High | Unreviewed | CVE-2021-37572 was published Dec 27, 2021

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37...
Moderate | Unreviewed | CVE-2021-44857 was published Dec 18, 2021

TCMAN GIM does not perform an authorization check when trying to access determined resources. A...
High | Unreviewed | CVE-2021-40853 was published Dec 18, 2021
ProTip! Advisories are also available from the GraphQL API.