Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

147 advisories

Loading
Missing Authorization vulnerability in Medma Technologies Matix Popup Builder allows Privilege... Critical Unreviewed
CVE-2024-52382 was published Nov 14, 2024
CWE-862: Missing Authorization vulnerability exists that could cause unauthorized access when... Critical Unreviewed
CVE-2024-10575 was published Nov 13, 2024
The Leopard - WordPress Offload Media plugin for WordPress is vulnerable to unauthorized... Critical Unreviewed
CVE-2024-10589 was published Nov 9, 2024
The Debug Tool plugin for WordPress is vulnerable to arbitrary file creation due to a missing... Critical Unreviewed
CVE-2024-10586 was published Nov 9, 2024
Missing Authorization vulnerability in GRÜN Software Group GmbH GRÜN spendino Spendenformular... Critical Unreviewed
CVE-2024-50476 was published Oct 29, 2024
Missing Authorization vulnerability in Scott Gamon Signup Page allows Privilege Escalation.This... Critical Unreviewed
CVE-2024-50475 was published Oct 29, 2024
Missing Authorization vulnerability in Szabolcs Szecsenyi PegaPoll allows Accessing Functionality... Critical Unreviewed
CVE-2024-50490 was published Oct 29, 2024
Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows... Critical Unreviewed
CVE-2024-48538 was published Oct 24, 2024
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)... Critical Unreviewed
CVE-2024-21216 was published Oct 15, 2024
The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing... Critical Unreviewed
CVE-2018-25105 was published Oct 16, 2024
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a... Critical Unreviewed
CVE-2020-36837 was published Oct 16, 2024
The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to... Critical Unreviewed
CVE-2019-25217 was published Oct 16, 2024
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation... Critical Unreviewed
CVE-2024-9707 was published Oct 11, 2024
The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for... Critical Unreviewed
CVE-2024-9234 was published Oct 11, 2024
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for... Critical Unreviewed
CVE-2024-7950 was published Sep 4, 2024
SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing... Critical Unreviewed
CVE-2023-40309 was published Sep 15, 2023
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress... Critical Unreviewed
CVE-2024-8289 was published Sep 4, 2024
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is... Critical Unreviewed
CVE-2024-7856 was published Aug 29, 2024
An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is transferred... Critical Unreviewed
CVE-2024-45168 was published Aug 22, 2024
The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to... Critical Unreviewed
CVE-2024-6500 was published Aug 17, 2024
Missing authorization vulnerability exists in Unifier and Unifier Cast Version.5.0 or later, and... Critical Unreviewed
CVE-2024-36246 was published May 31, 2024
In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on... Critical Unreviewed
CVE-2024-41730 was published Aug 13, 2024
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-4898 was published Jun 12, 2024
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project... Critical Unreviewed
CVE-2024-6806 was published Jul 22, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of... Critical Unreviewed
CVE-2024-6636 was published Jul 20, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database