GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
122 advisories
Filter by severity
Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read...
High
Unreviewed
CVE-2023-38952
was published
Aug 4, 2023
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1...
High
Unreviewed
CVE-2023-38948
was published
Aug 3, 2023
JavaScript pre-processing can be used by the attacker to gain access to the file system (read...
High
Unreviewed
CVE-2023-29450
was published
Jul 13, 2023
Apache InLong has Files or Directories Accessible to External Parties
High
CVE-2023-31064
was published
for
org.apache.inlong:manager-workflow
(Maven)
Jul 6, 2023
jfinal CMS 5.1.0 has an arbitrary file read vulnerability.
High
Unreviewed
CVE-2023-34645
was published
Jun 16, 2023
Dolibarr vulnerable to unauthenticated database access
High
CVE-2023-33568
was published
for
dolibarr/dolibarr
(Composer)
Jun 13, 2023
The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate...
High
Unreviewed
CVE-2023-2180
was published
May 15, 2023
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a...
High
Unreviewed
CVE-2023-28375
was published
Mar 28, 2023
amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion.
High
Unreviewed
CVE-2023-23330
was published
Mar 28, 2023
Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows...
High
Unreviewed
CVE-2023-1246
was published
Mar 10, 2023
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the...
High
Unreviewed
CVE-2023-26948
was published
Mar 9, 2023
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the...
High
Unreviewed
CVE-2023-26956
was published
Mar 8, 2023
The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user...
High
Unreviewed
CVE-2023-0331
was published
Feb 27, 2023
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read...
High
Unreviewed
CVE-2023-22974
was published
Feb 22, 2023
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization,...
High
Unreviewed
CVE-2023-0822
was published
Feb 17, 2023
CRMEB 4.4.4 is vulnerable to Any File download.
High
Unreviewed
CVE-2022-44343
was published
Feb 6, 2023
Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the...
High
Unreviewed
CVE-2022-48161
was published
Feb 1, 2023
GitOps Run allows for Kubernetes workload injection
High
CVE-2022-23508
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jan 9, 2023
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it...
High
Unreviewed
CVE-2022-4140
was published
Jan 3, 2023
The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation...
High
Unreviewed
CVE-2022-4106
was published
Dec 19, 2022
The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https:...
High
Unreviewed
CVE-2022-45227
was published
Dec 12, 2022
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030...
High
Unreviewed
CVE-2022-44356
was published
Nov 29, 2022
The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive...
High
Unreviewed
CVE-2022-3691
was published
Nov 21, 2022
Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
High
Unreviewed
CVE-2022-44583
was published
Nov 19, 2022
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF...
High
Unreviewed
CVE-2022-45129
was published
Nov 10, 2022
ProTip!
Advisories are also available from the
GraphQL API