Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

115 advisories

Loading
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before... Moderate Unreviewed
CVE-2021-24154 was published May 24, 2022
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an... Moderate Unreviewed
CVE-2021-1256 was published May 24, 2022
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker... Moderate Unreviewed
CVE-2021-1512 was published May 24, 2022
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected... Moderate Unreviewed
CVE-2021-29969 was published May 24, 2022
An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This... Moderate Unreviewed
CVE-2020-25351 was published May 24, 2022
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design)... Moderate Unreviewed
CVE-2021-36233 was published May 24, 2022
A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote... Moderate Unreviewed
CVE-2021-34765 was published May 24, 2022
An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep... Moderate Unreviewed
CVE-2021-25459 was published May 24, 2022
Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If... Moderate Unreviewed
CVE-2021-41573 was published May 24, 2022
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the... Moderate Unreviewed
CVE-2021-35203 was published May 24, 2022
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence... Moderate Unreviewed
CVE-2021-31600 was published May 24, 2022
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root... Moderate Unreviewed
CVE-2021-40149 was published Jul 18, 2022
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded... Moderate Unreviewed
CVE-2022-2222 was published Jul 18, 2022
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers... Moderate Unreviewed
CVE-2022-34049 was published Jul 21, 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain... Moderate Unreviewed
CVE-2022-22490 was published Aug 11, 2022
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file... Moderate Unreviewed
CVE-2022-2392 was published Aug 23, 2022
Keycloak has Files or Directories Accessible to External Parties Moderate
CVE-2021-3856 was published for org.keycloak:keycloak-core (Maven) Aug 27, 2022
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated... Moderate Unreviewed
CVE-2022-3287 was published Sep 29, 2022
The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded... Moderate Unreviewed
CVE-2022-2981 was published Oct 11, 2022
The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly... Moderate Unreviewed
CVE-2022-2834 was published Oct 17, 2022
Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows... Moderate Unreviewed
CVE-2022-37424 was published Oct 28, 2022
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an... Moderate Unreviewed
CVE-2022-23738 was published Nov 1, 2022
Markdownify has Files or Directories Accessible to External Parties Moderate
CVE-2022-41710 was published for electron-markdownify (npm) Nov 4, 2022
OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via... Moderate Unreviewed
CVE-2022-43449 was published Nov 4, 2022
The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input... Moderate Unreviewed
CVE-2022-4108 was published Dec 19, 2022
ProTip! Advisories are also available from the GraphQL API