GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
257 advisories
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/...
High | Unreviewed | CVE-2021-40150 was published Jul 18, 2022

A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows...
High | Unreviewed | CVE-2022-40126 was published Sep 30, 2022

Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi...
High | Unreviewed | CVE-2022-36552 was published Aug 31, 2022

The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup...
High | Unreviewed | CVE-2022-1585 was published Aug 2, 2022

Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin
High | CVE-2022-30945 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 18, 2022

WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030...
High | Unreviewed | CVE-2022-44356 was published Nov 29, 2022

Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF...
High | Unreviewed | CVE-2022-45129 was published Nov 10, 2022

Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow...
High | Unreviewed | CVE-2022-29447 was published May 21, 2022

Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow...
High | Unreviewed | CVE-2022-29446 was published May 20, 2022

cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the...
Moderate | Unreviewed | CVE-2021-42644 was published May 18, 2022

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via...
Moderate | Unreviewed | CVE-2022-43449 was published Nov 4, 2022

An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the...
High | Unreviewed | CVE-2020-3926 was published May 24, 2022

The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in...
Moderate | Unreviewed | CVE-2020-7241 was published May 24, 2022

Some Dahua software products have a vulnerability of unrestricted download of file. After...
Moderate | Unreviewed | CVE-2022-45426 was published Dec 27, 2022

A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10...
Moderate | Unreviewed | CVE-2019-13941 was published May 24, 2022

An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the...
High | Unreviewed | CVE-2020-3927 was published May 24, 2022

Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system...
High | Unreviewed | CVE-2019-7305 was published May 24, 2022

GitOps Run allows for Kubernetes workload injection
High | CVE-2022-23508 was published for github.com/weaveworks/weave-gitops (Go) Jan 9, 2023

Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment...
Moderate | Unreviewed | CVE-2020-26182 was published May 24, 2022

A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows...
Moderate | Unreviewed | CVE-2020-11641 was published May 24, 2022

Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior...
Moderate | Unreviewed | CVE-2020-1908 was published May 24, 2022

The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows...
Moderate | Unreviewed | CVE-2020-11642 was published May 24, 2022

Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability....
Moderate | Unreviewed | CVE-2020-26183 was published May 24, 2022

The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https:...
High | Unreviewed | CVE-2022-45227 was published Dec 12, 2022

Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows...
Moderate | Unreviewed | CVE-2020-27368 was published May 24, 2022