Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,992
Erlang
29
GitHub Actions
16
Go
1,782
Maven
5,000+
npm
3,544
NuGet
619
pip
3,134
Pub
10
RubyGems
838
Rust
795
Swift
34
Unreviewed advisories
All unreviewed
5,000+

2,469 advisories

Loading
The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib... High Unreviewed
CVE-2021-24906 was published Jan 25, 2022
The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the... Moderate Unreviewed
CVE-2021-24968 was published Jan 25, 2022
The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the... Moderate Unreviewed
CVE-2021-25013 was published Jan 25, 2022
Incorrect Default Permissions and Improper Access Control in snipe-it Moderate
CVE-2022-0179 was published for snipe/snipe-it (Composer) Jan 21, 2022
An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5,... Moderate Unreviewed
CVE-2022-0152 was published Jan 19, 2022
The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to... High Unreviewed
CVE-2022-0236 was published Jan 19, 2022
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF... Moderate Unreviewed
CVE-2021-25025 was published Jan 18, 2022
Trusted Firmware-M (TF-M) 1.4.0, when Profile Small is used, has incorrect access control. NSPE... Moderate Unreviewed
CVE-2021-40327 was published Jan 14, 2022
Incorrect Permission Assignment for Critical Resource in Jenkins Mailer Plugin Moderate
CVE-2022-20614 was published for org.jenkins-ci.plugins:mailer (Maven) Jan 13, 2022
westonsteimel
Incorrect Permission Assignment for Critical Resource in Jenkins Credentials Binding Plugin Moderate
CVE-2022-20616 was published for org.jenkins-ci.plugins:credentials-binding (Maven) Jan 13, 2022
NotMyFault westonsteimel
secjoker
Incorrect Permission Assignment for Critical Resource in Jenkins Bitbucket Branch Source Plugin Moderate
CVE-2022-20618 was published for org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven) Jan 13, 2022
NotMyFault westonsteimel
Missing permission checks in SSH Agent Plugin allow enumerating credentials IDs Moderate
CVE-2022-20620 was published for org.jenkins-ci.plugins:ssh-agent (Maven) Jan 13, 2022
westonsteimel
Missing permission check in Jenkins Publish Over SSH Plugin Moderate
CVE-2022-23112 was published for org.jenkins-ci.plugins:publish-over-ssh (Maven) Jan 13, 2022
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro... Critical Unreviewed
CVE-2021-25032 was published Jan 11, 2022
Missing Authorization in DayByDay CRM Moderate
CVE-2022-22107 was published for bottelet/flarepoint (Composer) Jan 8, 2022
Missing Authorization in DayByDay CRM Moderate
CVE-2022-22108 was published for bottelet/flarepoint (Composer) Jan 8, 2022
Missing Authorization in DayByDay CRM High
CVE-2022-22111 was published for bottelet/flarepoint (Composer) Jan 8, 2022
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated... High Unreviewed
CVE-2021-24831 was published Jan 4, 2022
The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for... Moderate Unreviewed
CVE-2021-43333 was published Jan 2, 2022
Yappli is an application development platform which provides the function to access a requested... High Unreviewed
CVE-2021-20873 was published Dec 29, 2021
The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API... Moderate Unreviewed
CVE-2021-24997 was published Dec 28, 2021
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily... Critical Unreviewed
CVE-2020-20944 was published Dec 28, 2021
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle... High Unreviewed
CVE-2021-37572 was published Dec 27, 2021
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37... Moderate Unreviewed
CVE-2021-44857 was published Dec 18, 2021
TCMAN GIM does not perform an authorization check when trying to access determined resources. A... High Unreviewed
CVE-2021-40853 was published Dec 18, 2021
ProTip! Advisories are also available from the GraphQL API