GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
181 advisories
Filter by severity
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of...
Critical
Unreviewed
CVE-2024-6636
was published
Jul 20, 2024
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project...
Critical
Unreviewed
CVE-2024-6806
was published
Jul 22, 2024
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to...
Critical
Unreviewed
CVE-2024-4898
was published
Jun 12, 2024
In SAP BusinessObjects Business Intelligence
Platform, if Single Signed On is enabled on...
Critical
Unreviewed
CVE-2024-41730
was published
Aug 13, 2024
Missing authorization vulnerability exists in Unifier and Unifier Cast Version.5.0 or later, and...
Critical
Unreviewed
CVE-2024-36246
was published
May 31, 2024
The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to...
Critical
Unreviewed
CVE-2024-6500
was published
Aug 17, 2024
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
Critical
CVE-2024-43401
was published
for
org.xwiki.platform:xwiki-platform-web-templates
(Maven)
Aug 19, 2024
An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is transferred...
Critical
Unreviewed
CVE-2024-45168
was published
Aug 22, 2024
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is...
Critical
Unreviewed
CVE-2024-7856
was published
Aug 29, 2024
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress...
Critical
Unreviewed
CVE-2024-8289
was published
Sep 4, 2024
XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet
Critical
CVE-2024-37901
was published
for
org.xwiki.platform:xwiki-platform-search-ui
(Maven)
Jul 31, 2024
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing...
Critical
Unreviewed
CVE-2023-40309
was published
Sep 15, 2023
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for...
Critical
Unreviewed
CVE-2024-7950
was published
Sep 4, 2024
The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for...
Critical
Unreviewed
CVE-2024-9234
was published
Oct 11, 2024
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation...
Critical
Unreviewed
CVE-2024-9707
was published
Oct 11, 2024
The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to...
Critical
Unreviewed
CVE-2019-25217
was published
Oct 16, 2024
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a...
Critical
Unreviewed
CVE-2020-36837
was published
Oct 16, 2024
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing...
Critical
Unreviewed
CVE-2018-25105
was published
Oct 16, 2024
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
Critical
Unreviewed
CVE-2024-21216
was published
Oct 15, 2024
Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows...
Critical
Unreviewed
CVE-2024-48538
was published
Oct 24, 2024
Missing Authorization vulnerability in Szabolcs Szecsenyi PegaPoll allows Accessing Functionality...
Critical
Unreviewed
CVE-2024-50490
was published
Oct 29, 2024
Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular...
Critical
Unreviewed
CVE-2024-50476
was published
Oct 29, 2024
Missing Authorization vulnerability in Scott Gamon Signup Page allows Privilege Escalation.This...
Critical
Unreviewed
CVE-2024-50475
was published
Oct 29, 2024
The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing...
Critical
Unreviewed
CVE-2024-10586
was published
Nov 9, 2024
The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized...
Critical
Unreviewed
CVE-2024-10589
was published
Nov 9, 2024
ProTip!
Advisories are also available from the
GraphQL API