GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories

GitHub reviewed advisories (All reviewed: 5,000+)
Composer: 3,968
Erlang: 29
GitHub Actions: 16
Go: 1,749
Maven: 4,978
npm: 3,509
NuGet: 609
pip: 3,084
Pub: 10
RubyGems: 832
Rust: 782
Swift: 34

Unreviewed advisories (All unreviewed: 5,000+)
240,683 advisories
All advisories listed below are unreviewed and were published Feb 8, 2022.

CVE-2021-25029 (Moderate): The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape...
CVE-2021-25103 (Moderate): The Translate WordPress with GTranslate WordPress plugin before 2.9.7 does not sanitise and...
CVE-2021-25077 (Moderate): The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the...
CVE-2021-25004 (Moderate): The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when...
CVE-2021-24879 (High): The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX...
CVE-2021-24928 (Moderate): The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access...
CVE-2022-23320 (High): XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries....
CVE-2022-0474 (Low): Full list of recipients from customer users in a contact field could be disclosed in notification...
CVE-2021-24878 (Moderate): The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string...
CVE-2021-46359 (High): FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may...
CVE-2021-24880 (Moderate): The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of...
CVE-2021-46389 (High): IIPImage High Resolution Streaming Image Server prior to commit...
CVE-2021-24843 (Moderate): The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in its wpsc_tickets AJAX...
CVE-2021-24839 (Moderate): The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its...
CVE-2022-22679 (Moderate): Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in...
CVE-2022-0473 (Moderate): OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error...
CVE-2021-43928 (High): Improper neutralization of special elements used in an OS command ('OS Command Injection')...
CVE-2021-43927 (Critical): Improper neutralization of special elements used in an SQL command ('SQL Injection')...
CVE-2022-23184 (Moderate): In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to...
CVE-2021-43929 (Moderate): Improper neutralization of special elements in output used by a downstream component ('Injection'...
CVE-2022-22832 (Critical): An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an...
CVE-2021-43926 (Critical): Improper neutralization of special elements used in an SQL command ('SQL Injection')...
CVE-2022-22833 (High): An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information...
CVE-2021-43925 (Critical): Improper neutralization of special elements used in an SQL command ('SQL Injection')...
CVE-2022-22680 (High): Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in...
Advisories are also available from the GraphQL API.