GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,272
Erlang
31
GitHub Actions
21
Go
2,047
Maven
5,000+
npm
3,739
NuGet
668
pip
3,415
Pub
12
RubyGems
891
Rust
868
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
142 advisories
Filter by severity
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to...
High
Unreviewed
CVE-2021-24739
was published
Dec 22, 2021
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the...
High
Unreviewed
CVE-2021-24193
was published
May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP...
High
Unreviewed
CVE-2021-24191
was published
May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the...
High
Unreviewed
CVE-2021-24194
was published
May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the...
High
Unreviewed
CVE-2021-24195
was published
May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the...
High
Unreviewed
CVE-2021-24190
was published
May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the...
High
Unreviewed
CVE-2021-24192
was published
May 24, 2022
The OptinMonster WordPress plugin is vulnerable to sensitive information disclosure and...
High
Unreviewed
CVE-2021-39341
was published
May 24, 2022
In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization...
High
Unreviewed
CVE-2014-9945
was published
May 17, 2022
In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization...
High
Unreviewed
CVE-2014-9950
was published
May 17, 2022
A vulnerability in Cisco Intercloud Fabric for Business and Cisco Intercloud Fabric for Providers...
High
Unreviewed
CVE-2016-9217
was published
May 17, 2022
Possible unauthorized memory access in the hypervisor. Incorrect configuration provides access to...
High
Unreviewed
CVE-2016-8443
was published
May 17, 2022
The m_authenticate function in modules/m_sasl.c in Charybdis before 3.5.3 allows remote attackers...
High
Unreviewed
CVE-2016-7143
was published
May 17, 2022
Rockwell Automation FactoryTalk EnergyMetrix before 2.20.00 does not invalidate credentials upon...
High
Unreviewed
CVE-2016-4531
was published
May 17, 2022
The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting...
High
Unreviewed
CVE-2022-2536
was published
Dec 15, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP...
High
Unreviewed
CVE-2021-24188
was published
May 24, 2022
Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level...
High
Unreviewed
CVE-2021-43939
was published
Apr 29, 2022
A vulnerability was found in Forged Alliance Forever up to 3746. It has been declared as critical...
High
Unreviewed
CVE-2022-4879
was published
Jan 6, 2023
An issue was discovered on D-Link DCS-1130 devices. The device requires that a user logging to...
High
Unreviewed
CVE-2017-8409
was published
May 24, 2022
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in...
High
Unreviewed
CVE-2022-4701
was published
Jan 10, 2023
A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure...
High
Unreviewed
CVE-2020-27779
was published
May 24, 2022
Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged...
High
Unreviewed
CVE-2022-2661
was published
Aug 17, 2022
The wp_ajax_upload-remote-file AJAX action of the External Media WordPress plugin before 1.0.34...
High
Unreviewed
CVE-2021-24311
was published
May 24, 2022
The management page of the Orca HCM digital learning platform does not perform identity...
High
Unreviewed
CVE-2021-35964
was published
May 24, 2022
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self...
High
Unreviewed
CVE-2021-38486
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API