Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

122 advisories

Loading
A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access... High Unreviewed
CVE-2020-22124 was published May 24, 2022
Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there... High Unreviewed
CVE-2021-32833 was published May 24, 2022
A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read... High Unreviewed
CVE-2020-35340 was published May 24, 2022
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper... High Unreviewed
CVE-2021-22015 was published May 24, 2022
PhantomJS Arbitrary File Read High
CVE-2019-17221 was published for phantomjs (npm) May 24, 2022
Wildfly-Core user account mismanagement High
CVE-2021-3717 was published for org.wildfly.core:wildfly-core-parent (Maven) May 25, 2022
Arbitrary file read in ginadmin High
CVE-2022-30428 was published for github.com/gphper/ginadmin (Go) May 26, 2022
Docker Desktop 4.3.0 has Incorrect Access Control. High Unreviewed
CVE-2021-44719 was published May 26, 2022
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component ... High Unreviewed
CVE-2022-29720 was published May 27, 2022
In multiple CODESYS products, file download and upload function allows access to internal files... High Unreviewed
CVE-2022-32143 was published Jun 25, 2022
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of... High Unreviewed
CVE-2022-24138 was published Jul 7, 2022
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/... High Unreviewed
CVE-2021-40150 was published Jul 18, 2022
Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some... High Unreviewed
CVE-2022-33158 was published Jul 31, 2022
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup... High Unreviewed
CVE-2022-1585 was published Aug 2, 2022
The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file... High Unreviewed
CVE-2022-2357 was published Aug 9, 2022
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak... High Unreviewed
CVE-2021-3800 was published Aug 24, 2022
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation... High Unreviewed
CVE-2021-4112 was published Aug 26, 2022
A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how... High Unreviewed
CVE-2022-1117 was published Aug 29, 2022
Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi... High Unreviewed
CVE-2022-36552 was published Aug 31, 2022
Dompdf allows remote file inclusion because URI validation failure does not halt font registration High
CVE-2022-41343 was published for dompdf/dompdf (Composer) Sep 26, 2022
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows... High Unreviewed
CVE-2022-40126 was published Sep 30, 2022
There is a file inclusion vulnerability in the template management module in UCMS 1.6 High Unreviewed
CVE-2022-42234 was published Oct 14, 2022
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF... High Unreviewed
CVE-2022-45129 was published Nov 10, 2022
Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. High Unreviewed
CVE-2022-44583 was published Nov 19, 2022
The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive... High Unreviewed
CVE-2022-3691 was published Nov 21, 2022
ProTip! Advisories are also available from the GraphQL API