GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
241,042 advisories
The Contact Form 7 Skins WordPress plugin through 2.5.0 does not sanitise and escape the tab...
Moderate | Unreviewed | CVE-2021-25063 was published Feb 2, 2022
The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27,...
Moderate | Unreviewed | CVE-2022-0220 was published Feb 2, 2022
The Visual CSS Style Editor WordPress plugin before 7.5.4 does not sanitise and escape the...
Moderate | Unreviewed | CVE-2021-24934 was published Feb 2, 2022
The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id...
High | Unreviewed | CVE-2021-24919 was published Feb 2, 2022
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.24 does not sanitise and...
Moderate | Unreviewed | CVE-2021-24975 was published Feb 2, 2022
The Custom Dashboard & Login Page WordPress plugin before 7.0 does not sanitise some of its...
Moderate | Unreviewed | CVE-2021-24944 was published Feb 2, 2022
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not escape the...
Moderate | Unreviewed | CVE-2021-24937 was published Feb 2, 2022
The Asset CleanUp: Page Speed Booster WordPress plugin before 1.3.8.5 does not sanitise and...
Moderate | Unreviewed | CVE-2021-24983 was published Feb 2, 2022
The NextScripts: Social Networks Auto-Poster WordPress plugin before 4.3.25 does not have CSRF...
Moderate | Unreviewed | CVE-2021-25072 was published Feb 2, 2022
The Link Library WordPress plugin before 7.2.9 does not sanitise and escape the settingscopy...
Moderate | Unreviewed | CVE-2021-25091 was published Feb 2, 2022
The WOOF WordPress plugin before 1.2.6.3 does not sanitise and escape the woof_redraw_elements...
Moderate | Unreviewed | CVE-2021-25085 was published Feb 2, 2022
The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table...
Moderate | Unreviewed | CVE-2021-24900 was published Feb 2, 2022
The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow...
Moderate | Unreviewed | CVE-2021-24775 was published Feb 2, 2022
The Domain Check WordPress plugin before 1.0.17 does not sanitise and escape the domain parameter...
Moderate | Unreviewed | CVE-2021-24926 was published Feb 2, 2022
The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET...
Critical | Unreviewed | CVE-2021-24762 was published Feb 2, 2022
The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF...
High | Unreviewed | CVE-2021-24763 was published Feb 2, 2022
The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT...
Moderate | Unreviewed | CVE-2021-24707 was published Feb 2, 2022
The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could...
Moderate | Unreviewed | CVE-2021-24868 was published Feb 2, 2022
The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded...
Moderate | Unreviewed | CVE-2021-24765 was published Feb 2, 2022
The Error Log Viewer WordPress plugin through 1.1.1 does not perform nonce check when deleting a...
Moderate | Unreviewed | CVE-2021-24761 was published Feb 2, 2022
The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the...
Moderate | Unreviewed | CVE-2021-24648 was published Feb 2, 2022
The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters...
Moderate | Unreviewed | CVE-2021-24764 was published Feb 2, 2022
MariaDB through 10.5.9 allows an application crash via certain long SELECT DISTINCT statements...
High | Unreviewed | CVE-2021-46668 was published Feb 2, 2022
In Eclipse Wakaama, ever since its inception until 2021-01-14, the CoAP parsing code does not...
High | Unreviewed | CVE-2021-41040 was published Feb 2, 2022
MariaDB through 10.5.9 allows attackers to trigger a convert_const_to_int use-after-free when the...
High | Unreviewed | CVE-2021-46669 was published Feb 2, 2022
ProTip! Advisories are also available from the GraphQL API