Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,635
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

23,910 advisories

Loading
A vulnerability was found in Brave UX for-the-badge and classified as critical. Affected by this... Critical Unreviewed
CVE-2021-4281 was published Dec 26, 2022
The IWS WordPress plugin through 1.0 does not properly escape a parameter before using it in a... Critical Unreviewed
CVE-2022-4117 was published Dec 26, 2022
The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin before 2022.6... Critical Unreviewed
CVE-2022-4120 was published Dec 26, 2022
The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate... Critical Unreviewed
CVE-2022-4047 was published Dec 26, 2022
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated... Critical Unreviewed
CVE-2022-24119 was published Dec 26, 2022
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, an unauthenticated attacker... Critical Unreviewed
CVE-2021-45467 was published Dec 26, 2022
Certain General Electric Renewable Energy products download firmware without an integrity check.... Critical Unreviewed
CVE-2022-24117 was published Dec 26, 2022
Certain General Electric Renewable Energy products allow attackers to use a code to trigger a... Critical Unreviewed
CVE-2022-24118 was published Dec 26, 2022
In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a... Critical Unreviewed
CVE-2021-45466 was published Dec 26, 2022
Certain General Electric Renewable Energy products have inadequate encryption strength. This... Critical Unreviewed
CVE-2022-24116 was published Dec 26, 2022
A vulnerability was found in barronwaffles dwc_network_server_emulator. It has been declared as... Critical Unreviewed
CVE-2020-36631 was published Dec 25, 2022
A vulnerability was found in FreePBX cdr 14.0. It has been classified as critical. This affects... Critical Unreviewed
CVE-2020-36630 was published Dec 25, 2022
A vulnerability classified as critical was found in SourceCodester School Dormitory Management... Critical Unreviewed
CVE-2022-4739 was published Dec 25, 2022
A vulnerability was found in SourceCodester Blood Bank Management System 1.0. It has been rated... Critical Unreviewed
CVE-2022-4737 was published Dec 25, 2022
A vulnerability classified as critical has been found in Calsign APDE. This affects the function... Critical Unreviewed
CVE-2020-36628 was published Dec 25, 2022
Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform... Critical Unreviewed
CVE-2022-45891 was published Dec 25, 2022
An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can make various... Critical Unreviewed
CVE-2022-44013 was published Dec 25, 2022
An issue was discovered in Simmeth Lieferantenmanager before 5.6. An attacker can inject raw SQL... Critical Unreviewed
CVE-2022-44015 was published Dec 25, 2022
Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video... Critical Unreviewed
CVE-2022-45896 was published Dec 25, 2022
The Nintendo NetworkBuffer class, as used in Animal Crossing: New Horizons before 2.0.6 and other... Critical Unreviewed
CVE-2022-47949 was published Dec 25, 2022
Out-of-bounds read was discovered in YDB server. An attacker could construct a query with insert... Critical Unreviewed
CVE-2022-28228 was published Dec 24, 2022
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the picName... Critical Unreviewed
CVE-2022-45721 was published Dec 23, 2022
IP-COM M50 V15.11.0.33(10768) was discovered to contain multiple command injection... Critical Unreviewed
CVE-2022-45709 was published Dec 23, 2022
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the sPortMapIndex... Critical Unreviewed
CVE-2022-45708 was published Dec 23, 2022
IP-COM M50 V15.11.0.33(10768) was discovered to contain a buffer overflow via the rules parameter... Critical Unreviewed
CVE-2022-45718 was published Dec 23, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database