GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
115 advisories
Filter by severity
Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local...
Moderate
Unreviewed
CVE-2023-41717
was published
Aug 31, 2023
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an...
Moderate
Unreviewed
CVE-2023-4475
was published
Aug 22, 2023
In multiple Codesys products in multiple versions, after successful authentication as a user,...
Moderate
Unreviewed
CVE-2023-37551
was published
Aug 3, 2023
Sysaid - CWE-552: Files or Directories Accessible to External Parties -
Authenticated users...
Moderate
Unreviewed
CVE-2023-32226
was published
Jul 30, 2023
A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan...
Moderate
Unreviewed
CVE-2023-2538
was published
Jul 5, 2023
Guava vulnerable to insecure use of temporary directory
Moderate
CVE-2023-2976
was published
for
com.google.guava:guava
(Maven)
Jun 14, 2023
A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some...
Moderate
Unreviewed
CVE-2023-2766
was published
May 17, 2023
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1...
Moderate
Unreviewed
CVE-2023-29107
was published
May 9, 2023
lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction...
Moderate
Unreviewed
CVE-2022-48094
was published
Feb 1, 2023
The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin...
Moderate
Unreviewed
CVE-2022-4346
was published
Jan 23, 2023
OpenStack Swift XML external entities (XXE) Injection
Moderate
CVE-2022-47950
was published
for
swift
(pip)
Jan 18, 2023
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0...
Moderate
Unreviewed
CVE-2022-45440
was published
Jan 17, 2023
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient...
Moderate
Unreviewed
CVE-2022-45052
was published
Jan 4, 2023
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it...
Moderate
Unreviewed
CVE-2022-4236
was published
Jan 3, 2023
Some Dahua software products have a vulnerability of unrestricted download of file. After...
Moderate
Unreviewed
CVE-2022-45426
was published
Dec 27, 2022
The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input...
Moderate
Unreviewed
CVE-2022-4108
was published
Dec 19, 2022
Markdownify has Files or Directories Accessible to External Parties
Moderate
CVE-2022-41710
was published
for
electron-markdownify
(npm)
Nov 4, 2022
OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via...
Moderate
Unreviewed
CVE-2022-43449
was published
Nov 4, 2022
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an...
Moderate
Unreviewed
CVE-2022-23738
was published
Nov 1, 2022
Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows...
Moderate
Unreviewed
CVE-2022-37424
was published
Oct 28, 2022
The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly...
Moderate
Unreviewed
CVE-2022-2834
was published
Oct 17, 2022
The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded...
Moderate
Unreviewed
CVE-2022-2981
was published
Oct 11, 2022
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated...
Moderate
Unreviewed
CVE-2022-3287
was published
Sep 29, 2022
Keycloak has Files or Directories Accessible to External Parties
Moderate
CVE-2021-3856
was published
for
org.keycloak:keycloak-core
(Maven)
Aug 27, 2022
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file...
Moderate
Unreviewed
CVE-2022-2392
was published
Aug 23, 2022
ProTip!
Advisories are also available from the
GraphQL API