GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,755
Composer 4,856
Erlang 36
GitHub Actions 36
Go 2,488
Maven 5,911
npm 4,104
NuGet 735
pip 3,923
Pub 12
RubyGems 945
Rust 1,017
Swift 39

Unreviewed advisories

All unreviewed 268,372

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

132 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

An issue in the /index/user/user_edit.html component of YJCMS v1.0.9 allows unauthenticated... Critical Unreviewed

CVE-2022-45276 was published Nov 23, 2022

The Tenda AC1200 Router model W15Ev2 V15.11.0.10(1576) is affected by a password exposure... Moderate Unreviewed

CVE-2022-40845 was published Nov 15, 2022

In Simple Exam Reviewer Management System v1.0 the User List function has improper access control... Moderate Unreviewed

CVE-2022-42197 was published Oct 20, 2022

A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get... High Unreviewed

CVE-2022-42238 was published Oct 11, 2022

A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to... Critical Unreviewed

CVE-2022-41746 was published Oct 11, 2022

Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN... High Unreviewed

CVE-2022-36158 was published Sep 27, 2022

The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated... High Unreviewed

CVE-2022-2551 was published Aug 23, 2022

The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores... High Unreviewed

CVE-2022-2544 was published Aug 23, 2022

The SP Project & Document Manager WordPress plugin through 4.57 uses an easily guessable path to... Moderate Unreviewed

CVE-2022-1551 was published Jul 26, 2022

Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with... High Unreviewed

CVE-2022-2192 was published Jul 20, 2022

A Privilege Escalation vulnerability exists in Sourcecodester Money Transfer Management System 1... High Unreviewed

CVE-2021-44582 was published Jun 11, 2022

An unauthenticated attacker can send a specially crafted packets to update the “notes” section of... Moderate Unreviewed

CVE-2022-31485 was published Jun 7, 2022

An unauthenticated attacker can send a specially crafted network packet to delete a user from the... High Unreviewed

CVE-2022-31484 was published Jun 7, 2022

An unauthenticated attacker could arbitrarily upload firmware files to the target device,... High Unreviewed

CVE-2022-31480 was published Jun 7, 2022

The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location,... High Unreviewed

CVE-2021-24695 was published May 24, 2022

Mitsubishi Electric SmartRTU devices allow remote attackers to obtain sensitive information ... High Unreviewed

CVE-2018-16060 was published May 24, 2022

Affected versions of Atlassian Confluence Server allow remote attackers to view restricted... Moderate Unreviewed

CVE-2021-26085 was published May 24, 2022

The Realteo WordPress plugin before 1.2.4, used by the Findeo Theme, did not ensure that the... Moderate Unreviewed

CVE-2021-24238 was published May 24, 2022

An Improper Access Control vulnerability was discovered in the Controlled Admin Access WordPress... Critical Unreviewed

CVE-2021-24215 was published May 24, 2022

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An... Moderate Unreviewed

CVE-2020-35570 was published May 24, 2022

Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information ... Moderate Unreviewed

CVE-2020-35391 was published May 24, 2022

A CWE-425: Direct Request ('Forced Browsing') vulnerability exists in the Web Server on Modicon... Moderate Unreviewed

CVE-2020-7541 was published May 24, 2022

In affected Ops Manager versions there is an exposed http route was that may allow attackers to... Moderate Unreviewed

CVE-2019-2388 was published May 24, 2022

goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of... High Unreviewed

CVE-2020-10181 was published May 24, 2022

PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/... Moderate Unreviewed

CVE-2019-16388 was published May 24, 2022

Previous 1…3…6 Next

Previous 1 2 3 4 5 6 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

132 advisories