GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,238
Erlang
31
GitHub Actions
21
Go
2,005
Maven
5,000+
npm
3,716
NuGet
661
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
1,999 advisories
Filter by severity
Moderate severity vulnerability that affects org.apache.ranger:ranger
Moderate
CVE-2017-7677
was published
for
org.apache.ranger:ranger
(Maven)
Oct 17, 2018
Moderate severity vulnerability that affects org.apache.hive:hive-jdbc
Moderate
CVE-2018-1314
was published
for
org.apache.hive:hive-jdbc
(Maven)
Nov 21, 2018
Flarum notifications can leak restricted content
Moderate
CVE-2023-22488
was published
for
flarum/core
(Composer)
Jan 10, 2023
The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing...
Moderate
Unreviewed
CVE-2023-0402
was published
Jan 19, 2023
Missing permission check in Jenkins SWAMP Plugin allows capturing credentials
Moderate
CVE-2022-25211
was published
for
org.continuousassurance.swamp.jenkins:swamp
(Maven)
Feb 16, 2022
The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in...
Moderate
Unreviewed
CVE-2021-24950
was published
Mar 15, 2022
The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF...
Moderate
Unreviewed
CVE-2021-24958
was published
Mar 15, 2022
An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious...
Moderate
Unreviewed
CVE-2021-45852
was published
Mar 17, 2022
glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html...
Moderate
Unreviewed
CVE-2021-44937
was published
Dec 15, 2021
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and...
Moderate
Unreviewed
CVE-2022-23183
was published
Apr 1, 2022
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling Amelia...
Moderate
Unreviewed
CVE-2022-0837
was published
Apr 5, 2022
The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check...
Moderate
Unreviewed
CVE-2022-0404
was published
Apr 5, 2022
The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing...
Moderate
Unreviewed
CVE-2022-0825
was published
Apr 5, 2022
The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for...
Moderate
Unreviewed
CVE-2021-43333
was published
Jan 2, 2022
Missing permission checks in Jenkins Publish Over FTP Plugin
Moderate
CVE-2022-29051
was published
for
org.jenkins-ci.plugins:publish-over-ftp
(Maven)
Apr 13, 2022
The RSVP and Event Management Plugin WordPress plugin before 2.7.8 does not have any...
Moderate
Unreviewed
CVE-2022-1054
was published
Apr 19, 2022
Missing permission check in Jenkins SSH Plugin
Moderate
CVE-2022-30957
was published
for
org.jenkins-ci.plugins:ssh
(Maven)
May 18, 2022
The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper...
Moderate
Unreviewed
CVE-2022-0919
was published
Apr 12, 2022
PreMiD 2.2.0 allows unintended access via the websocket transport. An attacker can receive events...
Moderate
Unreviewed
CVE-2021-46701
was published
Feb 21, 2022
The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions...
Moderate
Unreviewed
CVE-2022-4169
was published
Nov 28, 2022
A broken access control vulnerability in the SubNet_handler_func function of spx_restservice...
Moderate
Unreviewed
CVE-2021-44776
was published
Oct 24, 2022
Missing Authorization in Jenkins
Moderate
CVE-2017-1000400
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 13, 2022
Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to...
Moderate
Unreviewed
CVE-2022-36836
was published
Aug 6, 2022
Missing Authorization in Crafter CMS
Moderate
CVE-2017-15680
was published
for
org.craftercms:crafter-core
(Maven)
May 24, 2022
An issue was discovered in Emote Remote Mouse through 3.015. Attackers can close any running...
Moderate
Unreviewed
CVE-2021-27570
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API