Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,992
Erlang
39
GitHub Actions
38
Go
2,634
Maven
5,000+
npm
4,258
NuGet
760
pip
4,051
Pub
12
RubyGems
955
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

300,871 advisories

Loading
The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php,... Moderate Unreviewed
CVE-2017-12131 was published May 17, 2022
The Event List plugin 0.7.9 for WordPress has XSS in the slug array parameter to wp-admin/admin... Moderate Unreviewed
CVE-2017-12068 was published May 17, 2022
Reporter.exe in Acunetix 8 allows remote attackers to cause a denial of service (application... Moderate Unreviewed
CVE-2017-11674 was published May 17, 2022
The Amazon Link WordPress plugin through 3.2.10 does not sanitise and escape some of its settings... Moderate Unreviewed
CVE-2022-1645 was published May 31, 2022
The Team Members WordPress plugin before 5.1.1 does not escape some of its Team settings, which... Moderate Unreviewed
CVE-2022-1568 was published May 31, 2022
The IMDB info box WordPress plugin through 2.0 does not sanitize and escape some of its settings,... Moderate Unreviewed
CVE-2022-1294 was published May 31, 2022
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS... High Unreviewed
CVE-2022-26741 was published May 27, 2022
The Call&Book Mobile Bar WordPress plugin through 1.2.2 does not sanitize and escape some of its... Moderate Unreviewed
CVE-2022-1644 was published May 31, 2022
The StaffList WordPress plugin before 3.1.5 does not properly sanitise and escape a parameter... Critical Unreviewed
CVE-2022-1556 was published May 31, 2022
The User Meta WordPress plugin before 2.4.3 does not sanitise and escape the Form Name, as well... Moderate Unreviewed
CVE-2022-0376 was published May 31, 2022
An exploitable unatuhenticated command injection exists in the OpenClinic GA 5.173.3. Specially... Critical Unreviewed
CVE-2020-27227 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24194 was published May 24, 2022
On Juniper Networks Junos OS platforms with link aggregation (lag) configured, executing any... High Unreviewed
CVE-2021-0230 was published May 24, 2022
A command injection vulnerability in Avaya Session Border Controller for Enterprise could allow... High Unreviewed
CVE-2020-7034 was published May 24, 2022
A vulnerability in the software-based SSL/TLS message handler of Cisco Firepower Threat Defense ... High Unreviewed
CVE-2021-1402 was published May 24, 2022
A vulnerability due to the improper handling of direct memory access (DMA) buffers on EX4300... Moderate Unreviewed
CVE-2021-0242 was published May 24, 2022
In Fibaro Home Center 2 and Lite devices with firmware version 4.600 and older an internal... High Unreviewed
CVE-2021-20990 was published May 24, 2022
A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130,... Critical Unreviewed
CVE-2021-1459 was published May 24, 2022
The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4... Moderate Unreviewed
CVE-2021-24219 was published May 24, 2022
Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the... High Unreviewed
CVE-2021-24195 was published May 24, 2022
Virtua Cobranca before 12R allows SQL Injection on the login page. High Unreviewed
CVE-2021-37589 was published Jun 8, 2022
Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers... Critical Unreviewed
CVE-2022-30711 was published Jun 8, 2022
Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers... Critical Unreviewed
CVE-2022-30713 was published Jun 8, 2022
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers... Moderate Unreviewed
CVE-2022-30724 was published Jun 8, 2022
LibreHealth EHR Base 2.0.0 allows gacl/admin/acl_admin.php return_page XSS. Moderate Unreviewed
CVE-2022-31495 was published Jun 8, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database