GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
122 advisories
Filter by severity
A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access...
High
Unreviewed
CVE-2020-22124
was published
May 24, 2022
Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there...
High
Unreviewed
CVE-2021-32833
was published
May 24, 2022
A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read...
High
Unreviewed
CVE-2020-35340
was published
May 24, 2022
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper...
High
Unreviewed
CVE-2021-22015
was published
May 24, 2022
Wildfly-Core user account mismanagement
High
CVE-2021-3717
was published
for
org.wildfly.core:wildfly-core-parent
(Maven)
May 25, 2022
Arbitrary file read in ginadmin
High
CVE-2022-30428
was published
for
github.com/gphper/ginadmin
(Go)
May 26, 2022
Docker Desktop 4.3.0 has Incorrect Access Control.
High
Unreviewed
CVE-2021-44719
was published
May 26, 2022
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component ...
High
Unreviewed
CVE-2022-29720
was published
May 27, 2022
In multiple CODESYS products, file download and upload function allows access to internal files...
High
Unreviewed
CVE-2022-32143
was published
Jun 25, 2022
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of...
High
Unreviewed
CVE-2022-24138
was published
Jul 7, 2022
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/...
High
Unreviewed
CVE-2021-40150
was published
Jul 18, 2022
Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some...
High
Unreviewed
CVE-2022-33158
was published
Jul 31, 2022
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup...
High
Unreviewed
CVE-2022-1585
was published
Aug 2, 2022
The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file...
High
Unreviewed
CVE-2022-2357
was published
Aug 9, 2022
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak...
High
Unreviewed
CVE-2021-3800
was published
Aug 24, 2022
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation...
High
Unreviewed
CVE-2021-4112
was published
Aug 26, 2022
A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how...
High
Unreviewed
CVE-2022-1117
was published
Aug 29, 2022
Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi...
High
Unreviewed
CVE-2022-36552
was published
Aug 31, 2022
Dompdf allows remote file inclusion because URI validation failure does not halt font registration
High
CVE-2022-41343
was published
for
dompdf/dompdf
(Composer)
Sep 26, 2022
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows...
High
Unreviewed
CVE-2022-40126
was published
Sep 30, 2022
There is a file inclusion vulnerability in the template management module in UCMS 1.6
High
Unreviewed
CVE-2022-42234
was published
Oct 14, 2022
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF...
High
Unreviewed
CVE-2022-45129
was published
Nov 10, 2022
Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
High
Unreviewed
CVE-2022-44583
was published
Nov 19, 2022
The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive...
High
Unreviewed
CVE-2022-3691
was published
Nov 21, 2022
ProTip!
Advisories are also available from the
GraphQL API