GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
181 advisories
Filter by severity
There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel...
Critical
Unreviewed
CVE-2023-43135
was published
Sep 21, 2023
There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows...
Critical
Unreviewed
CVE-2023-43134
was published
Sep 20, 2023
A flaw was found in the Kubernetes service for notebooks in RHODS, where it does not prevent pods...
Critical
Unreviewed
CVE-2023-0923
was published
Sep 15, 2023
An issue in SNMP Web Pro v.1.1 allows a remote attacker to execute arbitrary code and obtain...
Critical
Unreviewed
CVE-2023-39073
was published
Sep 13, 2023
In PHPJabbers Cleaning Business Software 1.0, there is no encryption on user passwords allowing...
Critical
Unreviewed
CVE-2023-36140
was published
Sep 11, 2023
The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data,...
Critical
Unreviewed
CVE-2023-3956
was published
Jul 27, 2023
Certain HP LaserJet Pro print products are potentially vulnerable to an Elevation of Privilege...
Critical
Unreviewed
CVE-2023-26301
was published
Jul 21, 2023
The MStore API WordPress plugin before 3.9.9 does not prevent visitors from creating user...
Critical
Unreviewed
CVE-2023-3076
was published
Jul 10, 2023
The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing...
Critical
Unreviewed
CVE-2023-0291
was published
Jun 9, 2023
The uListing plugin for WordPress is vulnerable to authorization bypass via wp_route due to...
Critical
Unreviewed
CVE-2021-4381
was published
Jun 7, 2023
The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in...
Critical
Unreviewed
CVE-2021-4374
was published
Jun 7, 2023
The uListing plugin for WordPress is vulnerable to authorization bypass as most actions and...
Critical
Unreviewed
CVE-2021-4370
was published
Jun 7, 2023
The Kiwi Social Share plugin for WordPress is vulnerable to authorization bypass due to a missing...
Critical
Unreviewed
CVE-2021-4362
was published
Jun 7, 2023
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File...
Critical
Unreviewed
CVE-2021-4356
was published
Jun 7, 2023
The Unauthenticated Account Creation plugin for WordPress is vulnerable to Unauthenticated...
Critical
Unreviewed
CVE-2021-4343
was published
Jun 7, 2023
The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing...
Critical
Unreviewed
CVE-2021-4341
was published
Jun 7, 2023
The CMP for WordPress is vulnerable to authorization bypass due to a missing capability check on...
Critical
Unreviewed
CVE-2020-36730
was published
Jun 7, 2023
The Easy WP SMTP plugin for WordPress is vulnerable to authorization bypass in versions up to,...
Critical
Unreviewed
CVE-2019-25141
was published
Jun 7, 2023
Mattermost fails to invalidate existing authorization codes when deauthorizing an OAuth2 app,...
Critical
Unreviewed
CVE-2023-2193
was published
Apr 20, 2023
A malicious extension could have called <code>browser.identity.launchWebAuthFlow</code>,...
Critical
Unreviewed
CVE-2020-6823
was published
May 24, 2022
zzcms version 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: zzcms...
Critical
Unreviewed
CVE-2019-1010149
was published
May 24, 2022
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The...
Critical
Unreviewed
CVE-2019-1010152
was published
May 24, 2022
zzcms 8.3 and earlier is affected by: File Delete to Code Execution. The impact is: getshell. The...
Critical
Unreviewed
CVE-2019-1010150
was published
May 24, 2022
Easytime Studio Easy File Manager 1.1 has a HTTP request security bypass
Critical
Unreviewed
CVE-2013-3960
was published
May 5, 2022
** DISPUTED ** Camunda Modeler (aka camunda-modeler) through 4.6.0 allows arbitrary file access....
Critical
Unreviewed
CVE-2021-28154
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API