GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
257 advisories
Filter by severity
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an
unprivileged...
Moderate
Unreviewed
CVE-2023-5101
was published
Oct 9, 2023
In the affected version of the 1E Client, an ordinary user could subvert downloaded instruction...
High
Unreviewed
CVE-2023-45160
was published
Oct 5, 2023
A vulnerability in the on-device application development workflow feature for the Cisco IOx...
High
Unreviewed
CVE-2023-20235
was published
Oct 4, 2023
A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This...
Low
Unreviewed
CVE-2023-5297
was published
Sep 30, 2023
Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the...
High
Unreviewed
CVE-2023-43856
was published
Sep 27, 2023
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit,...
High
Unreviewed
CVE-2023-3712
was published
Sep 12, 2023
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002...
Moderate
Unreviewed
CVE-2023-4588
was published
Sep 6, 2023
A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic....
Low
Unreviewed
CVE-2023-4743
was published
Sep 4, 2023
Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local...
Moderate
Unreviewed
CVE-2023-41717
was published
Aug 31, 2023
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an...
Moderate
Unreviewed
CVE-2023-4475
was published
Aug 22, 2023
Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read...
High
Unreviewed
CVE-2023-38952
was published
Aug 4, 2023
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1...
High
Unreviewed
CVE-2023-38948
was published
Aug 3, 2023
In multiple Codesys products in multiple versions, after successful authentication as a user,...
Moderate
Unreviewed
CVE-2023-37551
was published
Aug 3, 2023
Sysaid - CWE-552: Files or Directories Accessible to External Parties -
Authenticated users...
Moderate
Unreviewed
CVE-2023-32226
was published
Jul 30, 2023
JavaScript pre-processing can be used by the attacker to gain access to the file system (read...
High
Unreviewed
CVE-2023-29450
was published
Jul 13, 2023
Apache InLong has Files or Directories Accessible to External Parties
High
CVE-2023-31064
was published
for
org.apache.inlong:manager-workflow
(Maven)
Jul 6, 2023
Apache InLong has Files or Directories Accessible to External Parties in Apache InLong
Critical
CVE-2023-31066
was published
for
org.apache.inlong:manager-service
(Maven)
Jul 6, 2023
A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan...
Moderate
Unreviewed
CVE-2023-2538
was published
Jul 5, 2023
jfinal CMS 5.1.0 has an arbitrary file read vulnerability.
High
Unreviewed
CVE-2023-34645
was published
Jun 16, 2023
Guava vulnerable to insecure use of temporary directory
Moderate
CVE-2023-2976
was published
for
com.google.guava:guava
(Maven)
Jun 14, 2023
Dolibarr vulnerable to unauthenticated database access
High
CVE-2023-33568
was published
for
dolibarr/dolibarr
(Composer)
Jun 13, 2023
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Low
CVE-2023-32684
was published
for
github.com/lima-vm/lima
(Go)
May 31, 2023
A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some...
Moderate
Unreviewed
CVE-2023-2766
was published
May 17, 2023
The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate...
High
Unreviewed
CVE-2023-2180
was published
May 15, 2023
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1...
Moderate
Unreviewed
CVE-2023-29107
was published
May 9, 2023
ProTip!
Advisories are also available from the
GraphQL API