Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

132 advisories

Loading
The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress... Critical Unreviewed
CVE-2024-8289 was published Sep 4, 2024
The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is... Critical Unreviewed
CVE-2024-7856 was published Aug 29, 2024
An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is transferred... Critical Unreviewed
CVE-2024-45168 was published Aug 22, 2024
The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to... Critical Unreviewed
CVE-2024-6500 was published Aug 17, 2024
Missing authorization vulnerability exists in Unifier and Unifier Cast Version.5.0 or later, and... Critical Unreviewed
CVE-2024-36246 was published May 31, 2024
In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on... Critical Unreviewed
CVE-2024-41730 was published Aug 13, 2024
The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to... Critical Unreviewed
CVE-2024-4898 was published Jun 12, 2024
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project... Critical Unreviewed
CVE-2024-6806 was published Jul 22, 2024
The WooCommerce - Social Login plugin for WordPress is vulnerable to unauthorized modification of... Critical Unreviewed
CVE-2024-6636 was published Jul 20, 2024
PTC Creo Elements/Direct License Server exposes a web interface which can be used by... Critical Unreviewed
CVE-2024-6071 was published Jun 28, 2024
Missing authorization in Client-Server API in Conduit <=0.7.0, allowing for any alias to be... Critical Unreviewed
CVE-2024-6303 was published Jun 25, 2024
Missing Authorization vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a... Critical Unreviewed
CVE-2023-39312 was published Jun 19, 2024
Missing Authorization vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager... Critical Unreviewed
CVE-2024-33565 was published Jun 9, 2024
Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a... Critical Unreviewed
CVE-2024-31244 was published Jun 9, 2024
In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at `packages/backend/src/api/v1... Critical Unreviewed
CVE-2024-3761 was published May 20, 2024
A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected... Critical Unreviewed
CVE-2024-27939 was published May 14, 2024
Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection.This issue... Critical Unreviewed
CVE-2024-33566 was published Apr 29, 2024
Missing Authorization vulnerability in Repute Infosystems ARMember.This issue affects ARMember:... Critical Unreviewed
CVE-2024-32948 was published Apr 24, 2024
Missing Authorization vulnerability in Support Genix.This issue affects Support Genix: from n/a... Critical Unreviewed
CVE-2023-49742 was published Apr 18, 2024
The ListingPro - WordPress Directory & Listing Theme for WordPress is vulnerable to Arbitrary... Critical Unreviewed
CVE-2020-36719 was published Jun 7, 2023
Missing Authorization vulnerability in Skymoonlabs MoveTo.This issue affects MoveTo: from n/a... Critical Unreviewed
CVE-2024-25912 was published Apr 11, 2024
The AI ChatBot plugin for WordPress is vulnerable to unauthorized use of AJAX actions due to... Critical Unreviewed
CVE-2023-5533 was published Oct 20, 2023
Vulnerability of missing authorization in the kernel module. Successful exploitation of this... Critical Unreviewed
CVE-2023-41296 was published Sep 25, 2023
There is an unauthorized access vulnerability in TP-LINK ER5120G 4.0 2.0.0 Build 210817 Rel... Critical Unreviewed
CVE-2023-43135 was published Sep 21, 2023
There is an unauthorized access vulnerability in Netis 360RAC1200 v1.3.4517, which allows... Critical Unreviewed
CVE-2023-43134 was published Sep 20, 2023
ProTip! Advisories are also available from the GraphQL API