Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

122 advisories

Loading
Improper Input Validation, Files or Directories Accessible to External Parties vulnerability in... High Unreviewed
CVE-2023-4550 was published Jan 29, 2024
Dompdf allows remote file inclusion because URI validation failure does not halt font registration High
CVE-2022-41343 was published for dompdf/dompdf (Composer) Sep 26, 2022
A vulnerability in the on-device application development workflow feature for the Cisco IOx... High Unreviewed
CVE-2023-20235 was published Oct 4, 2023
Unrestricted File Upload in Form Framework High
CVE-2021-21355 was published for typo3/cms (Composer) Mar 23, 2021
smichaelsen ohader
marclindemann vertexvaar sushiwushi waldhacker1
The Backup Migration plugin for WordPress is vulnerable to unauthorized access of data due to... High Unreviewed
CVE-2023-6266 was published Jan 11, 2024
The Duplicator WordPress plugin before 1.5.7.1, Duplicator Pro WordPress plugin before 4.5.14.2... High Unreviewed
CVE-2023-6114 was published Dec 26, 2023
CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X... High Unreviewed
CVE-2023-39545 was published Nov 17, 2023
Local Temp Directory Hijacking Vulnerability High
CVE-2020-27216 was published for org.eclipse.jetty:jetty-webapp (Maven) Nov 4, 2020
JLLeitschuh timtebeek
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4... High Unreviewed
CVE-2021-31831 was published May 24, 2022
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which... High Unreviewed
CVE-2021-44315 was published Dec 17, 2021
The PHP to Page plugin for WordPress is vulnerable Local File Inclusion to Remote Code Execution... High Unreviewed
CVE-2023-5199 was published Oct 30, 2023
The HTML filter and csv-file search plugin for WordPress is vulnerable to Local File Inclusion in... High Unreviewed
CVE-2023-5099 was published Oct 31, 2023
NVIDIA GPU Display Driver for Windows contains a vulnerability where an attacker may be able to... High Unreviewed
CVE-2023-31017 was published Nov 2, 2023
In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction... High Unreviewed
CVE-2023-45160 was published Oct 5, 2023
Apache InLong has Files or Directories Accessible to External Parties High
CVE-2023-31064 was published for org.apache.inlong:manager-workflow (Maven) Jul 6, 2023
Dolibarr vulnerable to unauthenticated database access High
CVE-2023-33568 was published for dolibarr/dolibarr (Composer) Jun 13, 2023
PhantomJS Arbitrary File Read High
CVE-2019-17221 was published for phantomjs (npm) May 24, 2022
Insecure path handling in Bundler High
CVE-2019-3881 was published for bundler (RubyGems) May 10, 2021
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a... High Unreviewed
CVE-2023-28375 was published Mar 28, 2023
amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion. High Unreviewed
CVE-2023-23330 was published Mar 28, 2023
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the... High Unreviewed
CVE-2023-26956 was published Mar 8, 2023
Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows... High Unreviewed
CVE-2023-1246 was published Mar 10, 2023
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the... High Unreviewed
CVE-2023-26948 was published Mar 9, 2023
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read... High Unreviewed
CVE-2023-22974 was published Feb 22, 2023
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization,... High Unreviewed
CVE-2023-0822 was published Feb 17, 2023
ProTip! Advisories are also available from the GraphQL API