GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,248
Erlang: 31
GitHub Actions: 21
Go: 2,016
Maven: 5,000+
npm: 3,721
NuGet: 662
pip: 3,400
Pub: 11
RubyGems: 890
Rust: 852
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
728 advisories
Synapse does not apply enough checks to servers requesting auth events of events in a room
High. CVE-2022-39335 was published for matrix-synapse (pip) May 24, 2023

In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app...
High. Unreviewed. CVE-2024-40652 was published Sep 11, 2024

Sensitive information disclosure and manipulation due to improper authentication. The following...
High. Unreviewed. CVE-2023-45246 was published Oct 6, 2023

D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows...
High. Unreviewed. CVE-2024-44408 was published Sep 6, 2024

A missing authorization vulnerability allows a local low-privileged user on the machine to...
High. Unreviewed. CVE-2024-40709 was published Sep 7, 2024

A missing authorization vulnerability has been reported to affect several QNAP operating system...
High. Unreviewed. CVE-2023-39298 was published Sep 6, 2024

The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized...
High. Unreviewed. CVE-2024-8480 was published Sep 6, 2024

nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of...
High. Unreviewed. CVE-2024-28215 was published Mar 7, 2024

The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to...
High. Unreviewed. CVE-2024-8102 was published Sep 4, 2024

The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized administrative actions...
High. Unreviewed. CVE-2024-5784 was published Aug 30, 2024

Missing access permissions checks in M-Files Client before 23.5.12598.0 allows elevation of...
High. Unreviewed. CVE-2023-2480 was published May 25, 2023

The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of...
High. Unreviewed. CVE-2024-7258 was published Aug 23, 2024

In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible...
High. Unreviewed. CVE-2024-0038 was published Feb 16, 2024

Missing Authorization vulnerability in nouthemes Leopard - WordPress offload media allows...
High. Unreviewed. CVE-2024-43256 was published Aug 19, 2024

Missing Authorization vulnerability in creativeon WHMpress allows Accessing Functionality Not...
High. Unreviewed. CVE-2024-43247 was published Aug 19, 2024

Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing...
High. Unreviewed. CVE-2024-38699 was published Aug 13, 2024

Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality...
High. Unreviewed. CVE-2024-37935 was published Aug 13, 2024

The Popup Builder plugin for WordPress is vulnerable to unauthorized modification of data and...
High. Unreviewed. CVE-2024-2544 was published Jun 15, 2024

A directory listing vulnerability in Best Student Result Management System v1.0 allows attackers...
High. Unreviewed. CVE-2023-49980 was published Mar 21, 2024

Snipe-IT allows users to promote or demote themselves or other users
High. CVE-2024-5685 was published for snipe/snipe-it (Composer) Jun 14, 2024

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for...
High. Unreviewed. CVE-2023-6696 was published Jun 15, 2024

The File Manager Pro – Filester plugin for WordPress is vulnerable to unauthorized modification...
High. Unreviewed. CVE-2024-7031 was published Aug 3, 2024

Authorization bypass in Quarkus
High. CVE-2023-6394 was published for io.quarkus:quarkus-smallrye-graphql-client (Maven) Dec 9, 2023

The FundEngine plugin for WordPress is vulnerable to privilege escalation in all versions up to,...
High. Unreviewed. CVE-2024-6698 was published Aug 1, 2024

A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of...
High. Unreviewed. CVE-2024-39546 was published Jul 11, 2024
ProTip! Advisories are also available from the GraphQL API.