Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,189
Erlang
31
GitHub Actions
19
Go
1,985
Maven
5,000+
npm
3,701
NuGet
657
pip
3,326
Pub
11
RubyGems
882
Rust
836
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

42 advisories

Loading
The Product Table for WooCommerce (wooproducttable) WordPress plugin before 3.1.2 does not have... Critical Unreviewed
CVE-2022-1020 was published Apr 19, 2022
An issue was discovered in Carlo Gavazzi VMU-C EM prior to firmware Version A11_U05, and VMU-C PV... Critical Unreviewed
CVE-2017-5145 was published May 17, 2022
The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags... Critical Unreviewed
CVE-2021-24884 was published May 24, 2022
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving... Critical Unreviewed
CVE-2015-20105 was published Dec 3, 2021
The Pixel Cat WordPress plugin before 2.6.2 does not have CSRF check when saving its settings,... Critical Unreviewed
CVE-2021-24922 was published Dec 14, 2021
IBM API Connect's Developer Portal 5.0.0.0 through 5.0.8.3 is vulnerable to Server Side Request... Critical Unreviewed
CVE-2018-1712 was published May 13, 2022
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing... Critical Unreviewed
CVE-2017-16780 was published May 13, 2022
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro... Critical Unreviewed
CVE-2021-25032 was published Jan 11, 2022
CSRF token bypass in GeniXCMS before 1.0.2 could result in escalation of privileges. The... Critical Unreviewed
CVE-2017-5959 was published May 13, 2022
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1,... Critical Unreviewed
CVE-2017-6080 was published May 13, 2022
Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewall_SPI.exe, cgi-bin... Critical Unreviewed
CVE-2018-20577 was published May 14, 2022
An issue was discovered in PopojiCMS v2.0.1. admin_component.php is exploitable via the po-admin... Critical Unreviewed
CVE-2018-18934 was published May 14, 2022
BeyondTrust Secure Remote Access Base Software through 6.0.1 allows an attacker to achieve full... Critical Unreviewed
CVE-2021-31589 was published Feb 8, 2022
The Post Snippets WordPress plugin before 3.1.4 does not have CSRF check when importing files,... Critical Unreviewed
CVE-2021-25010 was published Mar 1, 2022
The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks when... Critical Unreviewed
CVE-2022-1574 was published Jun 28, 2022
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in ThemeHigh... Critical Unreviewed
CVE-2023-51545 was published Dec 29, 2023
Power BI Report Server Spoofing Vulnerability Critical Unreviewed
CVE-2021-41372 was published May 24, 2022
Cross-Site Request Forgery (CSRF), Deserialization of Untrusted Data vulnerability in Repute... Critical Unreviewed
CVE-2023-52200 was published Jan 8, 2024
Cross Site Scripting vulnerability in Ruckus Wireless (CommScope) Ruckus CloudPath v.5.12.54414... Critical Unreviewed
CVE-2023-45992 was published Oct 19, 2023
A cross-site request forgery (CSRF) vulnerability in all versions of the api and web server... Critical Unreviewed
CVE-2024-24593 was published Feb 6, 2024
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication... Critical Unreviewed
CVE-2024-20254 was published Feb 7, 2024
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication... Critical Unreviewed
CVE-2024-20252 was published Feb 7, 2024
Das Q before 2019-08-02 allows web sites to execute arbitrary code on client machines, as... Critical Unreviewed
CVE-2019-14551 was published May 24, 2022
The wpbrutalai WordPress plugin before 2.0.0 does not properly sanitise and escape a parameter... Critical Unreviewed
CVE-2023-2601 was published Jun 27, 2023
Cross-Site Request Forgery (CSRF) vulnerability in ThingsForRestaurants Quick Restaurant... Critical Unreviewed
CVE-2022-44739 was published Jul 6, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database