Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,084
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

240,683 advisories

Loading
The CLUEVO LMS, E-Learning Platform WordPress plugin before 1.8.1 does not sanitise and escape... Moderate Unreviewed
CVE-2021-25029 was published Feb 8, 2022
The Translate WordPress with GTranslate WordPress plugin before 2.9.7 does not sanitise and... Moderate Unreviewed
CVE-2021-25103 was published Feb 8, 2022
The Store Toolkit for WooCommerce WordPress plugin before 2.3.2 does not sanitise and escape the... Moderate Unreviewed
CVE-2021-25077 was published Feb 8, 2022
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when... Moderate Unreviewed
CVE-2021-25004 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX... High Unreviewed
CVE-2021-24879 was published Feb 8, 2022
The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access... Moderate Unreviewed
CVE-2021-24928 was published Feb 8, 2022
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries.... High Unreviewed
CVE-2022-23320 was published Feb 8, 2022
Full list of recipients from customer users in a contact field could be disclosed in notification... Low Unreviewed
CVE-2022-0474 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string... Moderate Unreviewed
CVE-2021-24878 was published Feb 8, 2022
FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may... High Unreviewed
CVE-2021-46359 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of... Moderate Unreviewed
CVE-2021-24880 was published Feb 8, 2022
IIPImage High Resolution Streaming Image Server prior to commit... High Unreviewed
CVE-2021-46389 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX... Moderate Unreviewed
CVE-2021-24843 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CRSF checks in its... Moderate Unreviewed
CVE-2021-24839 was published Feb 8, 2022
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in... Moderate Unreviewed
CVE-2022-22679 was published Feb 8, 2022
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error... Moderate Unreviewed
CVE-2022-0473 was published Feb 8, 2022
Improper neutralization of special elements used in an OS command ('OS Command Injection')... High Unreviewed
CVE-2021-43928 was published Feb 8, 2022
Improper neutralization of special elements used in an SQL command ('SQL Injection')... Critical Unreviewed
CVE-2021-43927 was published Feb 8, 2022
In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to... Moderate Unreviewed
CVE-2022-23184 was published Feb 8, 2022
Improper neutralization of special elements in output used by a downstream component ('Injection'... Moderate Unreviewed
CVE-2021-43929 was published Feb 8, 2022
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an... Critical Unreviewed
CVE-2022-22832 was published Feb 8, 2022
Improper neutralization of special elements used in an SQL command ('SQL Injection')... Critical Unreviewed
CVE-2021-43926 was published Feb 8, 2022
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information... High Unreviewed
CVE-2022-22833 was published Feb 8, 2022
Improper neutralization of special elements used in an SQL command ('SQL Injection')... Critical Unreviewed
CVE-2021-43925 was published Feb 8, 2022
Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in... High Unreviewed
CVE-2022-22680 was published Feb 8, 2022
ProTip! Advisories are also available from the GraphQL API