GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
5,902 advisories
The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not...
High | Unreviewed | CVE-2022-0478 was published Mar 15, 2022

The Simple Quotation WordPress plugin through 1.3.2 does not have authorisation (and CSRF) checks...
High | Unreviewed | CVE-2022-22735 was published Mar 15, 2022

The login.jsp page of Quicklert for Digium 10.0.0 (1043) is affected by both Blind SQL Injection...
High | Unreviewed | CVE-2021-43969 was published Mar 11, 2022

Found a potential security vulnerability inside the Pandora API. Affected Pandora FMS version...
High | Unreviewed | CVE-2022-0507 was published Mar 11, 2022

Luocms v2.0 is affected by SQL Injection in /admin/manager/admin_mod.php. An attacker can obtain...
High | Unreviewed | CVE-2022-24601 was published Mar 11, 2022

Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api...
High | Unreviewed | CVE-2022-25225 was published Mar 11, 2022

A vulnerability has been identified in SINEC NMS (All versions). A privileged authenticated...
High | Unreviewed | CVE-2022-24281 was published Mar 9, 2022

The Conversios.io WordPress plugin before 4.6.2 does not sanitise, validate and escape the...
High | Unreviewed | CVE-2021-24952 was published Mar 8, 2022

The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a...
High | Unreviewed | CVE-2021-24777 was published Mar 8, 2022

The AdRotate WordPress plugin before 5.8.22 does not sanitise and escape the adrotate_action...
High | Unreviewed | CVE-2022-0267 was published Mar 8, 2022

The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the ...
High | Unreviewed | CVE-2022-0439 was published Mar 8, 2022

The WP Visitor Statistics (Real Time Traffic) WordPress plugin before 5.6 does not sanitise and...
High | Unreviewed | CVE-2022-0410 was published Mar 8, 2022

The RegistrationMagic WordPress plugin before 5.0.2.2 does not sanitise and escape the rm_form_id...
High | Unreviewed | CVE-2022-0420 was published Mar 8, 2022

When the server is configured to use trust authentication with a clientcert requirement or to use...
High | Unreviewed | CVE-2021-23214 was published Mar 5, 2022

Simple Bakery Shop Management v1.0 was discovered to contain a SQL injection vulnerability via...
High | Unreviewed | CVE-2022-25393 was published Mar 4, 2022

OS4ED openSIS 8.0 is affected by SQL injection in ChooseCpSearch.php, ChooseRequestSearch.php. An...
High | Unreviewed | CVE-2021-40635 was published Mar 4, 2022

OS4ED openSIS 8.0 is affected by SQL Injection in CheckDuplicateName.php, which can extract...
High | Unreviewed | CVE-2021-40636 was published Mar 4, 2022

There is a SQL injection vulnerability in the background of taocms 3.0.2 in parameter id:action...
High | Unreviewed | CVE-2022-23380 was published Mar 2, 2022

An issue was discovered in taocms 3.0.2. This is a SQL blind injection that can obtain database...
High | Unreviewed | CVE-2022-23387 was published Mar 2, 2022

An improper neutralization of special elements used in an sql command ('sql injection') in...
High | Unreviewed | CVE-2021-43077 was published Mar 2, 2022

The WP Cloudy, weather plugin WordPress plugin before 4.4.9 does not escape the post_id parameter...
High | Unreviewed | CVE-2021-24864 was published Mar 1, 2022

The WP Review Slider WordPress plugin before 11.0 does not sanitise and escape the pid parameter...
High | Unreviewed | CVE-2022-0383 was published Mar 1, 2022

The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the...
High | Unreviewed | CVE-2022-23911 was published Mar 1, 2022

The Asgaros Forum WordPress plugin before 2.0.0 does not sanitise and escape the post_id...
High | Unreviewed | CVE-2022-0411 was published Mar 1, 2022

SQL injection vulnerability in the phpUploader v1.2 and earlier allows a remote unauthenticated...
High | Unreviewed | CVE-2022-23986 was published Feb 25, 2022

ProTip! Advisories are also available from the GraphQL API.