Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

151 advisories

Loading
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of... Critical Unreviewed
CVE-2024-6636 was published Jul 20, 2024
PTC Creo Elements/Direct License Server exposes a web interface which can be used by... Critical Unreviewed
CVE-2024-6071 was published Jun 28, 2024
Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be... Critical Unreviewed
CVE-2024-6303 was published Jun 25, 2024
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a... Critical Unreviewed
CVE-2023-39312 was published Jun 19, 2024
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-4898 was published Jun 12, 2024
Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager... Critical Unreviewed
CVE-2024-33565 was published Jun 9, 2024
Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a... Critical Unreviewed
CVE-2024-31244 was published Jun 9, 2024
Missing authorization vulnerability exists in Unifier and Unifier Cast Version.5.0 or later, and... Critical Unreviewed
CVE-2024-36246 was published May 31, 2024
In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at `packages/backend/src/api/v1... Critical Unreviewed
CVE-2024-3761 was published May 20, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected... Critical Unreviewed
CVE-2024-27939 was published May 14, 2024
Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue... Critical Unreviewed
CVE-2024-33566 was published Apr 29, 2024
Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember:... Critical Unreviewed
CVE-2024-32948 was published Apr 24, 2024
Missing Authorization vulnerability in Support Genix.This issue affects Support Genix: from n/a... Critical Unreviewed
CVE-2023-49742 was published Apr 18, 2024
Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a... Critical Unreviewed
CVE-2024-25912 was published Apr 11, 2024
Missing authorization vulnerability in System webapi component in Synology Surveillance Station... Critical Unreviewed
CVE-2024-29241 was published Mar 28, 2024
Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious... Critical Unreviewed
CVE-2023-34063 was published Jan 16, 2024
The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress... Critical Unreviewed
CVE-2023-6875 was published Jan 11, 2024
An issue in SpringBlade v.3.7.0 and before allows a remote attacker to escalate privileges via... Critical Unreviewed
CVE-2023-47458 was published Jan 2, 2024
The affiliate-toolkit WordPress plugin before 3.4.3 lacks authorization and authentication for... Critical Unreviewed
CVE-2023-5877 was published Jan 1, 2024
Redpanda before 23.1.21 and 23.2.x before 23.2.18 has missing authorization checks in the... Critical Unreviewed
CVE-2023-50976 was published Dec 18, 2023
Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity... Critical Unreviewed
CVE-2023-48417 was published Dec 11, 2023
An issue was discovered in the Boomerang Parental Control application through 13.83 for Android.... Critical Unreviewed
CVE-2023-36621 was published Nov 3, 2023
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to... Critical Unreviewed
CVE-2023-5533 was published Oct 20, 2023
A vulnerability in the Security Assertion Markup Language (SAML) APIs of Cisco Catalyst SD-WAN... Critical Unreviewed
CVE-2023-20252 was published Sep 27, 2023
Vulnerability of missing authorization in the kernel module. Successful exploitation of this... Critical Unreviewed
CVE-2023-41296 was published Sep 25, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database