GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
257 advisories
Filter by severity
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated...
Moderate
Unreviewed
CVE-2022-3287
was published
Sep 29, 2022
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection...
High
Unreviewed
CVE-2020-26549
was published
May 24, 2022
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape...
High
Unreviewed
CVE-2021-20253
was published
May 24, 2022
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before...
Moderate
Unreviewed
CVE-2021-24154
was published
May 24, 2022
A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000...
Critical
Unreviewed
CVE-2021-1361
was published
May 24, 2022
It has been discovered in redhat-certification that any unauthorized user may download any file...
Moderate
Unreviewed
CVE-2019-3897
was published
May 24, 2022
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local...
Moderate
Unreviewed
CVE-2021-1434
was published
May 24, 2022
A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an...
High
Unreviewed
CVE-2021-33359
was published
May 24, 2022
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and...
Moderate
Unreviewed
CVE-2021-24947
was published
Feb 8, 2022
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected...
Moderate
Unreviewed
CVE-2021-29969
was published
May 24, 2022
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
High
Unreviewed
CVE-2021-36763
was published
May 24, 2022
Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control...
High
Unreviewed
CVE-2021-36276
was published
May 24, 2022
Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some...
High
Unreviewed
CVE-2022-33158
was published
Jul 31, 2022
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation...
High
Unreviewed
CVE-2021-37348
was published
May 24, 2022
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files.
High
Unreviewed
CVE-2021-38711
was published
May 24, 2022
A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access...
High
Unreviewed
CVE-2020-22124
was published
May 24, 2022
An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This...
Moderate
Unreviewed
CVE-2020-25351
was published
May 24, 2022
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design)...
Moderate
Unreviewed
CVE-2021-36233
was published
May 24, 2022
A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote...
Moderate
Unreviewed
CVE-2021-34765
was published
May 24, 2022
Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there...
High
Unreviewed
CVE-2021-32833
was published
May 24, 2022
A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read...
High
Unreviewed
CVE-2020-35340
was published
May 24, 2022
A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0)...
High
Unreviewed
CVE-2022-27837
was published
Apr 12, 2022
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the...
Moderate
Unreviewed
CVE-2021-35203
was published
May 24, 2022
Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If...
Moderate
Unreviewed
CVE-2021-41573
was published
May 24, 2022
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak...
High
Unreviewed
CVE-2021-3800
was published
Aug 24, 2022
ProTip!
Advisories are also available from the
GraphQL API