GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,131
Erlang: 29
GitHub Actions: 19
Go: 1,937
Maven: 5,000+
npm: 3,676
NuGet: 642
pip: 3,292
Pub: 11
RubyGems: 877
Rust: 830
Swift: 35

Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
20,141 advisories
The Frontend File Manager (versions < 4.0), N-Media Post Front-end Form (versions < 1.1) plugins...
Critical | Unreviewed | CVE-2016-15042 was published Oct 16, 2024

The File Manager plugin for WordPress is vulnerable to authorization bypass due to a missing...
Critical | Unreviewed | CVE-2018-25105 was published Oct 16, 2024

The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in...
Critical | Unreviewed | CVE-2020-36832 was published Oct 16, 2024

The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a...
Critical | Unreviewed | CVE-2020-36837 was published Oct 16, 2024

The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions...
Critical | Unreviewed | CVE-2021-4443 was published Oct 16, 2024

The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File...
Critical | Unreviewed | CVE-2019-25213 was published Oct 16, 2024

The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to...
Critical | Unreviewed | CVE-2019-25217 was published Oct 16, 2024

The ZoomSounds plugin for WordPress is vulnerable to arbitrary file uploads due to missing file...
Critical | Unreviewed | CVE-2021-4449 was published Oct 16, 2024

The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the ...
Critical | Unreviewed | CVE-2016-15040 was published Oct 16, 2024

The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP...
Critical | Unreviewed | CVE-2024-9634 was published Oct 16, 2024

The UltimateAI plugin for WordPress is vulnerable to authentication bypass in versions up to, and...
Critical | Unreviewed | CVE-2024-9105 was published Oct 16, 2024

A security issue was discovered in the Kubernetes Image Builder versions <= v0.1.37 where default...
Critical | Unreviewed | CVE-2024-9486 was published Oct 15, 2024

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
Critical | Unreviewed | CVE-2024-21216 was published Oct 15, 2024

Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications ...
Critical | Unreviewed | CVE-2024-21172 was published Oct 15, 2024

Phpgurukul User Registration & Login and User Management System 3.2 is vulnerable to SQL...
Critical | Unreviewed | CVE-2024-48283 was published Oct 15, 2024

An unauthenticated remote attacker can execute OS commands via UDP on the device due to missing...
Critical | Unreviewed | CVE-2024-45274 was published Oct 15, 2024

The devices contain two hard coded user accounts with hardcoded passwords that allow an...
Critical | Unreviewed | CVE-2024-45275 was published Oct 15, 2024

The devices are vulnerable to session hijacking due to insufficient entropy in its session ID...
Critical | Unreviewed | CVE-2024-47945 was published Oct 15, 2024

Enterprise Cloud Database from Ragic does not authenticate access to specific functionality,...
Critical | Unreviewed | CVE-2024-9984 was published Oct 15, 2024

SQL injection vulnerability in TAI Smart Factory's QPLANT SF version 1.0. Exploitation of this...
Critical | Unreviewed | CVE-2024-9925 was published Oct 15, 2024

Enterprise Cloud Database from Ragic does not properly validate the file type for uploads....
Critical | Unreviewed | CVE-2024-9985 was published Oct 15, 2024

Property Management System from ChanGate has a SQL Injection vulnerability, allowing...
Critical | Unreviewed | CVE-2024-9972 was published Oct 15, 2024

AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query...
Critical | Unreviewed | CVE-2024-9982 was published Oct 15, 2024

The device directly executes .patch firmware upgrade files on a USB stick without any prior...
Critical | Unreviewed | CVE-2024-47944 was published Oct 15, 2024

Local file inclusion in Automatic Systems Maintenance SlimLane...
Critical | Unreviewed | CVE-2024-48823 was published Oct 14, 2024
ProTip! Advisories are also available from the GraphQL API.