GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
7,857 advisories
Filter by severity
Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751...
Low
Unreviewed
CVE-2022-25829
was published
Mar 11, 2022
Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751...
Low
Unreviewed
CVE-2022-25830
was published
Mar 11, 2022
SPIP before 3.2.14 and 4.x before 4.0.5 allows unauthenticated access to information about...
Moderate
Unreviewed
CVE-2022-26847
was published
Mar 11, 2022
IBM Guardium Data Encryption (GDE) 4.0.0.0 and 5.0.0.0 could disclose internal IP address...
Moderate
Unreviewed
CVE-2021-39025
was published
Mar 11, 2022
The Video Conferencing with Zoom WordPress plugin before 3.8.17 does not have authorisation in...
Moderate
Unreviewed
CVE-2022-0384
was published
Mar 8, 2022
The CorreosExpress WordPress plugin through 2.6.0 generates log files which are publicly...
Moderate
Unreviewed
CVE-2021-25009
was published
Mar 8, 2022
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory...
Moderate
Unreviewed
CVE-2021-3677
was published
Mar 4, 2022
Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone....
Moderate
Unreviewed
CVE-2022-23779
was published
Mar 3, 2022
An exposure of sensitive system information to an unauthorized control sphere vulnerability [CWE...
Moderate
Unreviewed
CVE-2022-22303
was published
Mar 3, 2022
An issue was discovered in Zoho ManageEngine Key Manager Plus before 6200. A service exposed by...
Moderate
Unreviewed
CVE-2022-24447
was published
Mar 3, 2022
The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have...
Moderate
Unreviewed
CVE-2022-0345
was published
Mar 1, 2022
The Yoast SEO WordPress plugin before 17.3 discloses the full internal path of featured images in...
Moderate
Unreviewed
CVE-2021-25118
was published
Mar 1, 2022
All versions of FileCloud prior to 21.3 are vulnerable to user enumeration. The vulnerability...
Moderate
Unreviewed
CVE-2022-24633
was published
Feb 25, 2022
All versions of Samba prior to 4.15.5 are vulnerable to a malicious client using a server symlink...
Moderate
Unreviewed
CVE-2021-44141
was published
Feb 22, 2022
Sensitive information disclosure discovered in wpDiscuz WordPress plugin (versions <= 7.3.11).
High
Unreviewed
CVE-2022-23984
was published
Feb 22, 2022
Mattermost 6.3.0 and earlier fails to protect email addresses of the creator of the team via one...
Moderate
Unreviewed
CVE-2022-0708
was published
Feb 22, 2022
A flaw was found in s390 eBPF JIT in bpf_jit_insn in arch/s390/net/bpf_jit_comp.c in the Linux...
Moderate
Unreviewed
CVE-2021-20320
was published
Feb 19, 2022
The vulnerability discovered in WordPress Perfect Brands for WooCommerce plugin (versions <= 2.0...
High
Unreviewed
CVE-2022-23982
was published
Feb 19, 2022
A flaw in netfilter could allow a network-connected attacker to infer openvpn connection endpoint...
Critical
Unreviewed
CVE-2021-3773
was published
Feb 17, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Guacamole
Moderate
Unreviewed
CVE-2021-41767
was published
Feb 15, 2022
The Futurio Extra WordPress plugin before 1.6.3 allowed any logged in user, even a subscriber,...
Moderate
Unreviewed
CVE-2021-25110
was published
Feb 15, 2022
** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by information...
High
Unreviewed
CVE-2021-45421
was published
Feb 15, 2022
** UNSUPPORTED WHEN ASSIGNED ** Emerson Dixell XWEB-500 products are affected by arbitrary file...
Critical
Unreviewed
CVE-2021-45420
was published
Feb 15, 2022
A CWE-200: Information Exposure vulnerability exists that could cause sensitive information of...
High
Unreviewed
CVE-2021-22785
was published
Feb 12, 2022
An Information Disclosure vulnerability for JT files in Autodesk Inventor 2022, 2021, 2020, 2019...
High
Unreviewed
CVE-2021-40159
was published
Feb 11, 2022
ProTip!
Advisories are also available from the
GraphQL API