GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
290,226 advisories
The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX...
High
Unreviewed
CVE-2021-24879 was published Feb 8, 2022
The Rearrange Woocommerce Products WordPress plugin before 3.0.8 does not have proper access...
Moderate
Unreviewed
CVE-2021-24928 was published Feb 8, 2022
The Advanced Cron Manager WordPress plugin before 2.4.2, advanced-cron-manager-pro WordPress...
Moderate
Unreviewed
CVE-2021-25084 was published Feb 8, 2022
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and...
Moderate
Unreviewed
CVE-2021-24947 was published Feb 8, 2022
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF...
Moderate
Unreviewed
CVE-2021-24993 was published Feb 8, 2022
The IP2Location Country Blocker WordPress plugin before 2.26.5 does not have authorisation and...
High
Unreviewed
CVE-2021-25095 was published Feb 8, 2022
IIPImage High Resolution Streaming Image Server prior to commit...
High
Unreviewed
CVE-2021-46389 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in its wpsc_tickets AJAX...
Moderate
Unreviewed
CVE-2021-24843 was published Feb 8, 2022
FISCO-BCOS release-3.0.0-rc2 contains a denial of service vulnerability. Some transactions may...
High
Unreviewed
CVE-2021-46359 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of...
Moderate
Unreviewed
CVE-2021-24880 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its...
Moderate
Unreviewed
CVE-2021-24839 was published Feb 8, 2022
The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string...
Moderate
Unreviewed
CVE-2021-24878 was published Feb 8, 2022
XMPie uStore 12.3.7244.0 allows for administrators to generate reports based on raw SQL queries....
High
Unreviewed
CVE-2022-23320 was published Feb 8, 2022
Full list of recipients from customer users in a contact field could be disclosed in notification...
Low
Unreviewed
CVE-2022-0474 was published Feb 8, 2022
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in...
Moderate
Unreviewed
CVE-2022-22679 was published Feb 8, 2022
Improper neutralization of special elements used in an SQL command ('SQL Injection')...
Critical
Unreviewed
CVE-2021-43927 was published Feb 8, 2022
Improper neutralization of special elements used in an OS command ('OS Command Injection')...
High
Unreviewed
CVE-2021-43928 was published Feb 8, 2022
Improper neutralization of special elements in output used by a downstream component ('Injection'...
Moderate
Unreviewed
CVE-2021-43929 was published Feb 8, 2022
OTRS administrators can configure dynamic field and inject malicious JavaScript code in the error...
Moderate
Unreviewed
CVE-2022-0473 was published Feb 8, 2022
In affected Octopus Server versions when the server HTTP and HTTPS bindings are configured to...
Moderate
Unreviewed
CVE-2022-23184 was published Feb 8, 2022
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information...
High
Unreviewed
CVE-2022-22833 was published Feb 8, 2022
Improper neutralization of special elements used in an SQL command ('SQL Injection')...
Critical
Unreviewed
CVE-2021-43925 was published Feb 8, 2022
Exposure of sensitive information to an unauthorized actor vulnerability in Web Server in...
High
Unreviewed
CVE-2022-22680 was published Feb 8, 2022
Improper neutralization of special elements used in an SQL command ('SQL Injection')...
Critical
Unreviewed
CVE-2021-43926 was published Feb 8, 2022
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a...
Critical
Unreviewed
CVE-2022-22831 was published Feb 8, 2022