GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
122 advisories
Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in...
High | Unreviewed | CVE-2023-4550 was published on Jan 29, 2024

Dompdf allows remote file inclusion because URI validation failure does not halt font registration
High | CVE-2022-41343 was published for dompdf/dompdf (Composer) on Sep 26, 2022

A vulnerability in the on-device application development workflow feature for the Cisco IOx...
High | Unreviewed | CVE-2023-20235 was published on Oct 4, 2023

Unrestricted File Upload in Form Framework
High | CVE-2021-21355 was published for typo3/cms (Composer) on Mar 23, 2021

The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to...
High | Unreviewed | CVE-2023-6266 was published on Jan 11, 2024

The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2...
High | Unreviewed | CVE-2023-6114 was published on Dec 26, 2023

CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X...
High | Unreviewed | CVE-2023-39545 was published on Nov 17, 2023

Local Temp Directory Hijacking Vulnerability
High | CVE-2020-27216 was published for org.eclipse.jetty:jetty-webapp (Maven) on Nov 4, 2020

Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4...
High | Unreviewed | CVE-2021-31831 was published on May 24, 2022

In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which...
High | Unreviewed | CVE-2021-44315 was published on Dec 17, 2021

The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution...
High | Unreviewed | CVE-2023-5199 was published on Oct 30, 2023

The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in...
High | Unreviewed | CVE-2023-5099 was published on Oct 31, 2023

NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to...
High | Unreviewed | CVE-2023-31017 was published on Nov 2, 2023

In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction...
High | Unreviewed | CVE-2023-45160 was published on Oct 5, 2023

Apache InLong has Files or Directories Accessible to External Parties
High | CVE-2023-31064 was published for org.apache.inlong:manager-workflow (Maven) on Jul 6, 2023

Dolibarr vulnerable to unauthenticated database access
High | CVE-2023-33568 was published for dolibarr/dolibarr (Composer) on Jun 13, 2023

Insecure path handling in Bundler
High | CVE-2019-3881 was published for bundler (RubyGems) on May 10, 2021

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a...
High | Unreviewed | CVE-2023-28375 was published on Mar 28, 2023

amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion.
High | Unreviewed | CVE-2023-23330 was published on Mar 28, 2023

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the...
High | Unreviewed | CVE-2023-26956 was published on Mar 8, 2023

Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows...
High | Unreviewed | CVE-2023-1246 was published on Mar 10, 2023

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the...
High | Unreviewed | CVE-2023-26948 was published on Mar 9, 2023

A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read...
High | Unreviewed | CVE-2023-22974 was published on Feb 22, 2023

The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization,...
High | Unreviewed | CVE-2023-0822 was published on Feb 17, 2023

ProTip! Advisories are also available from the GraphQL API.