Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,231
Erlang
31
GitHub Actions
20
Go
1,991
Maven
5,000+
npm
3,709
NuGet
661
pip
3,341
Pub
11
RubyGems
884
Rust
846
Swift
36
Unreviewed advisories
All unreviewed
5,000+

179 advisories

Loading
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods... Critical Unreviewed
CVE-2023-0923 was published Sep 15, 2023
An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain... Critical Unreviewed
CVE-2023-39073 was published Sep 13, 2023
In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing... Critical Unreviewed
CVE-2023-36140 was published Sep 11, 2023
The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data,... Critical Unreviewed
CVE-2023-3956 was published Jul 27, 2023
Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege... Critical Unreviewed
CVE-2023-26301 was published Jul 21, 2023
The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user... Critical Unreviewed
CVE-2023-3076 was published Jul 10, 2023
The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing... Critical Unreviewed
CVE-2023-0291 was published Jun 9, 2023
The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to... Critical Unreviewed
CVE-2021-4381 was published Jun 7, 2023
The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in... Critical Unreviewed
CVE-2021-4374 was published Jun 7, 2023
The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and... Critical Unreviewed
CVE-2021-4370 was published Jun 7, 2023
The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing... Critical Unreviewed
CVE-2021-4362 was published Jun 7, 2023
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File... Critical Unreviewed
CVE-2021-4356 was published Jun 7, 2023
The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated... Critical Unreviewed
CVE-2021-4343 was published Jun 7, 2023
The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing... Critical Unreviewed
CVE-2021-4341 was published Jun 7, 2023
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on... Critical Unreviewed
CVE-2020-36730 was published Jun 7, 2023
The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to,... Critical Unreviewed
CVE-2019-25141 was published Jun 7, 2023
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app,... Critical Unreviewed
CVE-2023-2193 was published Apr 20, 2023
A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>,... Critical Unreviewed
CVE-2020-6823 was published May 24, 2022
zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms... Critical Unreviewed
CVE-2019-1010149 was published May 24, 2022
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The... Critical Unreviewed
CVE-2019-1010152 was published May 24, 2022
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The... Critical Unreviewed
CVE-2019-1010150 was published May 24, 2022
Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass Critical Unreviewed
CVE-2013-3960 was published May 5, 2022
** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access.... Critical Unreviewed
CVE-2021-28154 was published May 24, 2022
Missing authorization vulnerability in System webapi component in Synology Surveillance Station... Critical Unreviewed
CVE-2024-29241 was published Mar 28, 2024
An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows... Critical Unreviewed
CVE-2021-28141 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database