GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,094
Erlang
29
GitHub Actions
19
Go
1,920
Maven
5,000+
npm
3,648
NuGet
638
pip
3,263
Pub
10
RubyGems
873
Rust
822
Swift
35
Unreviewed advisories
All unreviewed
5,000+
1,703 advisories
Filter by severity
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and...
Moderate
Unreviewed
CVE-2022-23183
was published
Apr 1, 2022
Missing permission checks in Jekins Bitbucket Server Integration Plugin
Moderate
CVE-2022-28134
was published
for
io.jenkins.plugins:atlassian-bitbucket-server-integration
(Maven)
Mar 30, 2022
Missing permission check in Jenkins RocketChat Notifier Plugin
Moderate
CVE-2022-28139
was published
for
org.jenkins-ci.plugins:rocketchatnotifier
(Maven)
Mar 30, 2022
Missing permission check in Jenkins JiraTestResultReporter Plugin
Moderate
CVE-2022-28137
was published
for
org.jenkins-ci.plugins:JiraTestResultReporter
(Maven)
Mar 30, 2022
Missing permission checks in Jenkins Proxmox Plugin
Moderate
CVE-2022-28144
was published
for
org.jenkins-ci.plugins:proxmox
(Maven)
Mar 30, 2022
Missing permission check in Jenkins Continuous Integration with Toad Edge Plugin
Moderate
CVE-2022-28147
was published
for
org.jenkins-ci.plugins:ci-with-toad-edge
(Maven)
Mar 30, 2022
Missing permission check in Jenkins Job and Node ownership Plugin
Moderate
CVE-2022-28151
was published
for
com.synopsys.jenkinsci:ownership
(Maven)
Mar 30, 2022
Missing permission Jenkins Pipeline Phoenix AutoTest Plugin
Moderate
CVE-2022-28158
was published
for
com.surenpi.jenkins:phoenix-autotest
(Maven)
Mar 30, 2022
The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related...
Moderate
Unreviewed
CVE-2021-24978
was published
Mar 29, 2022
The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of...
Moderate
Unreviewed
CVE-2022-0833
was published
Mar 29, 2022
Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz...
Moderate
Unreviewed
CVE-2022-27948
was published
Mar 28, 2022
An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious...
Moderate
Unreviewed
CVE-2021-45852
was published
Mar 17, 2022
Missing permission checks in AWS Credentials Plugin
Moderate
CVE-2022-27199
was published
for
org.jenkins-ci.plugins:aws-credentials
(Maven)
Mar 16, 2022
CSRF vulnerability and missing permission checks in Extended Choice Parameter Plugin allow SSRF
Moderate
CVE-2022-27205
was published
for
org.jenkins-ci.plugins:extended-choice-parameter
(Maven)
Mar 16, 2022
Missing permission checks in Jenkins kubernetes-cd Plugin allow enumerating credentials IDs
Moderate
CVE-2022-27209
was published
for
org.jenkins-ci.plugins:kubernetes-cd
(Maven)
Mar 16, 2022
Missing permission checks in Jenkins Release Helper Plugin
Moderate
CVE-2022-27215
was published
for
org.jenkins-ci.plugins:release-helper
(Maven)
Mar 16, 2022
The Insight Core WordPress plugin through 1.0 does not have any authorisation and CSRF checks in...
Moderate
Unreviewed
CVE-2021-24950
was published
Mar 15, 2022
The Meks Easy Photo Feed Widget WordPress plugin before 1.2.4 does not have capability and CSRF...
Moderate
Unreviewed
CVE-2021-24958
was published
Mar 15, 2022
saleor Missing Authorization vulnerability
Moderate
CVE-2022-0932
was published
for
saleor
(pip)
Mar 12, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32477
was published
for
moodle/moodle
(Composer)
Mar 12, 2022
Moodle Exposure of Sensitive Information to an Unauthorized Actor
Moderate
CVE-2021-32472
was published
for
moodle/moodle
(Composer)
Mar 12, 2022
Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an...
Moderate
Unreviewed
CVE-2022-26103
was published
Mar 11, 2022
Due to missing authorization check, SAP NetWeaver Application Server for ABAP - versions 700, 701...
Moderate
Unreviewed
CVE-2022-26102
was published
Mar 11, 2022
SAP Financial Consolidation - version 10.1, does not perform necessary authorization checks for...
Moderate
Unreviewed
CVE-2022-26104
was published
Mar 11, 2022
The Smart Forms WordPress plugin before 2.6.71 does not have authorisation in its...
Moderate
Unreviewed
CVE-2022-0163
was published
Mar 8, 2022
ProTip!
Advisories are also available from the
GraphQL API