GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
646 advisories
Filter by severity
Improper authorization in handler for custom URL scheme vulnerability in Android App 'Mercari ...
High
Unreviewed
CVE-2021-20835
was published
Nov 25, 2021
WordPress Hide My WP plugin (versions <= 6.2.3) can be deactivated by any unauthenticated user....
High
Unreviewed
CVE-2021-36917
was published
Nov 25, 2021
The Tawk.To Live Chat WordPress plugin before 0.6.0 does not have capability and CSRF checks in...
High
Unreviewed
CVE-2021-24914
was published
Dec 7, 2021
The web administration server in Solar-Log 500 before 2.8.2 Build 52 does not require...
High
Unreviewed
CVE-2021-34543
was published
Dec 8, 2021
Advanced Custom Fields versions prior to 5.11 and Advanced Custom Fields Pro versions prior to 5...
High
Unreviewed
CVE-2021-20865
was published
Dec 14, 2021
SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary...
High
Unreviewed
CVE-2021-44233
was published
Dec 15, 2021
An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will...
High
Unreviewed
CVE-2021-41066
was published
Dec 15, 2021
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and...
High
Unreviewed
CVE-2021-27859
was published
Dec 16, 2021
A missing authorization vulnerability in the web management interface of FatPipe WARP, IPVPN, and...
High
Unreviewed
CVE-2021-27857
was published
Dec 16, 2021
FatPipe WARP, IPVPN, and MPVPN software prior to versions 10.1.2r60p91 and 10.2.2r42 allows a...
High
Unreviewed
CVE-2021-27855
was published
Dec 16, 2021
In AdapterService and GattService definition of AndroidManifest.xml, there is a possible way to...
High
Unreviewed
CVE-2021-1017
was published
Dec 16, 2021
In onCreate of NfcImportVCardActivity.java, there is a possible way to add a contact without user...
High
Unreviewed
CVE-2021-0926
was published
Dec 16, 2021
In createOrUpdate of Permission.java, there is a possible way to gain internal permissions due to...
High
Unreviewed
CVE-2021-0923
was published
Dec 16, 2021
In enforceCrossUserOrProfilePermission of PackageManagerService.java, there is a possible bypass...
High
Unreviewed
CVE-2021-0922
was published
Dec 16, 2021
TCMAN GIM does not perform an authorization check when trying to access determined resources. A...
High
Unreviewed
CVE-2021-40853
was published
Dec 18, 2021
MediaTek microchips, as used in NETGEAR devices through 2021-11-11 and other devices, mishandle...
High
Unreviewed
CVE-2021-37572
was published
Dec 27, 2021
Yappli is an application development platform which provides the function to access a requested...
High
Unreviewed
CVE-2021-20873
was published
Dec 29, 2021
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated...
High
Unreviewed
CVE-2021-24831
was published
Jan 4, 2022
The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to...
High
Unreviewed
CVE-2022-0236
was published
Jan 19, 2022
The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib...
High
Unreviewed
CVE-2021-24906
was published
Jan 25, 2022
Single Connect does not perform an authorization check when using the "sc-assigned-credential-ui"...
High
Unreviewed
CVE-2021-44795
was published
Jan 28, 2022
Single Connect does not perform an authorization check when using the sc-reports-ui" module. A...
High
Unreviewed
CVE-2021-44793
was published
Jan 28, 2022
The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting...
High
Unreviewed
CVE-2021-25093
was published
Feb 2, 2022
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and...
High
Unreviewed
CVE-2021-25095
was published
Feb 8, 2022
A CWE-862: Missing Authorization vulnerability exists that could cause information exposure when...
High
Unreviewed
CVE-2022-24317
was published
Feb 11, 2022
ProTip!
Advisories are also available from the
GraphQL API