Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,604 advisories

Loading
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of... High Unreviewed
CVE-2022-1329 was published Apr 20, 2022
Arbitrary File Deletion vulnerability in XOS-Shop xos_shop_system 1.0.9 via... High Unreviewed
CVE-2021-46820 was published Jun 17, 2022
The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover (even the... High Unreviewed
CVE-2022-1903 was published Jun 28, 2022
In telecom service, there is a possible information disclosure due to a missing permission check.... Moderate Unreviewed
CVE-2022-21764 was published Jul 7, 2022
In telecom service, there is a possible information disclosure due to a missing permission check.... Moderate Unreviewed
CVE-2022-21763 was published Jul 7, 2022
Exposure of sensitive information to an unauthorized actor issue in multiple applications of... Moderate Unreviewed
CVE-2022-29512 was published Jul 12, 2022
There is an missing authorization issue in the system service. Since the component does not have... High Unreviewed
CVE-2022-20433 was published Oct 12, 2022
The application SAP Enterprise Extension Defense Forces & Public Security - versions 605, 606,... Moderate Unreviewed
CVE-2022-31592 was published Jul 13, 2022
An improper validation vulnerability in IBM InfoSphere Information Server 11.7 Pack for SAP Apps... Moderate Unreviewed
CVE-2022-22373 was published Jul 2, 2022
In Autoboot, there is a possible permission bypass due to a missing permission check. This could... High Unreviewed
CVE-2022-21777 was published Jul 7, 2022
Unauthenticated users can access sensitive web URLs through GET request, which should be... Moderate Unreviewed
CVE-2021-32504 was published Jul 20, 2022
Within SAP S/4HANA - versions S4CORE 101, 102, 103, 104, 105, 106, SAPSCORE 127, the application... Moderate Unreviewed
CVE-2022-31597 was published Jul 13, 2022
In getSubscriptionProperty of SubscriptionController.java, there is a possible read of a... Moderate Unreviewed
CVE-2022-20225 was published Jul 14, 2022
Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain... Critical Unreviewed
CVE-2022-35293 was published Aug 11, 2022
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers... Moderate Unreviewed
CVE-2022-34573 was published Jul 26, 2022
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers... Moderate Unreviewed
CVE-2022-34572 was published Jul 26, 2022
The QQ application 8.7.1 for Android and iOS does not enforce the permission requirements (e.g.,... High Unreviewed
CVE-2021-33057 was published Jul 27, 2022
An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers... Moderate Unreviewed
CVE-2022-34574 was published Jul 26, 2022
A tenant administrator Hitachi Content Platform (HCP) may modify the configuration in another... Moderate Unreviewed
CVE-2021-28052 was published Sep 27, 2022
The Tipsacarrier WordPress plugin through 1.4.4.2 does not have any authorisation check in place... High Unreviewed
CVE-2021-25002 was published May 3, 2022
The Frontend File Manager Plugin WordPress plugin before 21.3 allows any unauthenticated user to... Moderate Unreviewed
CVE-2022-3124 was published Oct 4, 2022
The YaySMTP WordPress plugin before 2.2.1 does not have capability check in an AJAX action,... Moderate Unreviewed
CVE-2022-2369 was published Aug 2, 2022
Jenkins Snow Commander Plugin prior to 2.0 vulnerable to Missing Authorization Moderate
CVE-2022-25193 was published for io.jenkins.plugins:embotics-vcommander (Maven) Feb 16, 2022
NotMyFault
SAP Banking Services (Generic Market Data) 400, 450, and 500 does not perform necessary... Moderate Unreviewed
CVE-2021-21467 was published May 24, 2022
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782,... High Unreviewed
CVE-2020-26818 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database