GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,902
Maven: 5,000+
npm: 3,631
NuGet: 638
pip: 3,246
Pub: 10
RubyGems: 863
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
2,581 advisories
The AliExpress Dropshipping with AliNext Lite plugin for WordPress is vulnerable to unauthorized...
Moderate | Unreviewed | CVE-2024-4450 was published on Jun 19, 2024

An issue was discovered in the SportsTeams extension for MediaWiki before 1.35.12, 1.36.x through...
Moderate | Unreviewed | CVE-2023-45370 was published on Oct 9, 2023

The Classified Listing – Classified ads & Business Directory Plugin plugin for WordPress is...
Moderate | Unreviewed | CVE-2024-7888 was published on Sep 13, 2024

Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability...
Moderate | Unreviewed | CVE-2024-37930 was published on Aug 13, 2024

Apache Airflow: Bypass permission verification to read code of other dags
Moderate | CVE-2023-50944 was published for apache-airflow (pip) on Jan 24, 2024

An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7...
Moderate | Unreviewed | CVE-2024-4660 was published on Sep 12, 2024

In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app...
High | Unreviewed | CVE-2024-40652 was published on Sep 11, 2024

Missing Authorization in Apache Airflow
Moderate | CVE-2021-35936 was published for apache-airflow (pip) on Aug 30, 2021

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2024-7721 was published on Sep 11, 2024

The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2024-7727 was published on Sep 11, 2024

XWiki Platform document history including authors of any page exposed to unauthorized actors
Moderate | CVE-2024-45591 was published for org.xwiki.platform:xwiki-platform-rest-server (Maven) on Sep 10, 2024

Sensitive information disclosure and manipulation due to improper authentication. The following...
High | Unreviewed | CVE-2023-45246 was published on Oct 6, 2023

D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows...
High | Unreviewed | CVE-2024-44408 was published on Sep 6, 2024

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to...
Moderate | Unreviewed | CVE-2024-8369 was published on Sep 10, 2024

The RFC enabled function module allows a low privileged user to perform denial of service on any...
Moderate | Unreviewed | CVE-2024-45285 was published on Sep 10, 2024

Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an...
Moderate | Unreviewed | CVE-2024-44112 was published on Sep 10, 2024

The RFC enabled function module allows a low privileged user to perform various actions, such as...
Moderate | Unreviewed | CVE-2024-44117 was published on Sep 10, 2024

An authenticated attacker with high privilege can use functions of SLCM transactions to which...
Low | Unreviewed | CVE-2024-45284 was published on Sep 10, 2024

Due to lack of proper authorization checks when calling user, a function module in obsolete Tobin...
Moderate | Unreviewed | CVE-2024-45286 was published on Sep 10, 2024

Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform...
Low | Unreviewed | CVE-2024-41728 was published on Sep 10, 2024

The RFC enabled function module allows a low privileged user to add URLs to any user's workplace...
Moderate | Unreviewed | CVE-2024-44115 was published on Sep 10, 2024

The RFC enabled function module allows a low privileged user to add any workbook to any user's...
Moderate | Unreviewed | CVE-2024-44116 was published on Sep 10, 2024

The RFC enabled function module allows a low privileged user to read any user's workplace...
Moderate | Unreviewed | CVE-2024-42380 was published on Sep 10, 2024

The RFC enabled function module allows a low privileged user to delete the workplace favourites...
Moderate | Unreviewed | CVE-2024-42371 was published on Sep 10, 2024

A missing authorization vulnerability allows a local low-privileged user on the machine to...
High | Unreviewed | CVE-2024-40709 was published on Sep 7, 2024
ProTip! Advisories are also available from the GraphQL API