GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
1,688 advisories
The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in...
Moderate | Unreviewed | CVE-2021-24950 was published Mar 15, 2022
Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701...
Moderate | Unreviewed | CVE-2022-26102 was published Mar 11, 2022
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an...
Moderate | Unreviewed | CVE-2022-26103 was published Mar 11, 2022
SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for...
Moderate | Unreviewed | CVE-2022-26104 was published Mar 11, 2022
The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its...
Moderate | Unreviewed | CVE-2022-0163 was published Mar 8, 2022
Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.12.5.
Moderate | Unreviewed | CVE-2022-0755 was published Mar 8, 2022
Improper Authorization in GitHub repository salesagility/suitecrm prior to 7.12.5.
Moderate | Unreviewed | CVE-2022-0756 was published Mar 8, 2022
A flaw was discovered in Kibana in which users with Read access to the Uptime feature could...
Moderate | Unreviewed | CVE-2022-23709 was published Mar 4, 2022
The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper...
Moderate | Unreviewed | CVE-2021-25011 was published Mar 1, 2022
The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.5 does not have...
Moderate | Unreviewed | CVE-2021-25042 was published Mar 1, 2022
The Use Any Font | Custom Font Uploader WordPress plugin before 6.2.1 does not have any...
Moderate | Unreviewed | CVE-2021-24977 was published Mar 1, 2022
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have...
Moderate | Unreviewed | CVE-2022-0345 was published Mar 1, 2022
In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address.
Moderate | Unreviewed | CVE-2022-24594 was published Feb 26, 2022
Improper Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0.
Moderate | Unreviewed | CVE-2022-0726 was published Feb 24, 2022
PreMiD 2.2.0 allows unintended access via the websocket transport. An attacker can receive events...
Moderate | Unreviewed | CVE-2021-46701 was published Feb 21, 2022
The PPOM for WooCommerce WordPress plugin before 24.0 does not have authorisation and CSRF checks...
Moderate | Unreviewed | CVE-2021-25018 was published Feb 15, 2022
The CMP WordPress plugin before 4.0.19 allows any user, even not logged in, may arbitrarily...
Moderate | Unreviewed | CVE-2022-0188 was published Feb 15, 2022
SAP ERP HCM Portugal - versions 600, 604, 608, does not perform necessary authorization checks...
Moderate | Unreviewed | CVE-2022-22535 was published Feb 11, 2022
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its...
Moderate | Unreviewed | CVE-2021-24839 was published Feb 8, 2022
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF...
Moderate | Unreviewed | CVE-2021-24993 was published Feb 8, 2022
The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron-manager-pro WordPress...
Moderate | Unreviewed | CVE-2021-25084 was published Feb 8, 2022
Single Connect does not perform an authorization check when using the "log-monitor" module. A...
Moderate | Unreviewed | CVE-2021-44792 was published Jan 28, 2022
Single Connect does not perform an authorization check when using the "sc-diagnostic-ui" module....
Moderate | Unreviewed | CVE-2021-44794 was published Jan 28, 2022
The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the...
Moderate | Unreviewed | CVE-2021-24968 was published Jan 25, 2022
ProTip! Advisories are also available from the GraphQL API.