GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
115 advisories
Filter by severity
An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue...
Moderate
Unreviewed
CVE-2017-7079
was published
May 13, 2022
Markdownify has Files or Directories Accessible to External Parties
Moderate
CVE-2022-41710
was published
for
electron-markdownify
(npm)
Nov 4, 2022
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient...
Moderate
Unreviewed
CVE-2022-45052
was published
Jan 4, 2023
The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded...
Moderate
Unreviewed
CVE-2022-2981
was published
Oct 11, 2022
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically...
Moderate
Unreviewed
CVE-2022-22268
was published
Jan 11, 2022
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows...
Moderate
Unreviewed
CVE-2022-22270
was published
Jan 11, 2022
In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download...
Moderate
Unreviewed
CVE-2021-44983
was published
Feb 9, 2022
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can...
Moderate
Unreviewed
CVE-2022-23316
was published
Feb 9, 2022
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when...
Moderate
Unreviewed
CVE-2021-25004
was published
Feb 8, 2022
In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of...
Moderate
Unreviewed
CVE-2022-24694
was published
Feb 10, 2022
The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin...
Moderate
Unreviewed
CVE-2022-4346
was published
Jan 23, 2023
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1...
Moderate
Unreviewed
CVE-2017-2621
was published
May 3, 2022
An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log...
Moderate
Unreviewed
CVE-2017-2622
was published
May 13, 2022
lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction...
Moderate
Unreviewed
CVE-2022-48094
was published
Feb 1, 2023
Podman has Files or Directories Accessible to External Parties
Moderate
CVE-2020-1726
was published
for
github.com/containers/podman
(Go)
May 24, 2022
A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an...
Moderate
Unreviewed
CVE-2021-1256
was published
May 24, 2022
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0...
Moderate
Unreviewed
CVE-2022-45440
was published
Jan 17, 2023
Keycloak has Files or Directories Accessible to External Parties
Moderate
CVE-2021-3856
was published
for
org.keycloak:keycloak-core
(Maven)
Aug 27, 2022
Missing authorization in xwiki-platform
Moderate
CVE-2022-23621
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Feb 9, 2022
The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly...
Moderate
Unreviewed
CVE-2022-2834
was published
Oct 17, 2022
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker...
Moderate
Unreviewed
CVE-2021-1512
was published
May 24, 2022
A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some...
Moderate
Unreviewed
CVE-2023-2766
was published
May 17, 2023
A CWE-552: Files or Directories Accessible to External Parties vulnerability exists in Telit...
Moderate
Unreviewed
CVE-2023-47612
was published
Nov 9, 2023
Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows...
Moderate
Unreviewed
CVE-2023-42534
was published
Nov 13, 2023
The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the...
Moderate
Unreviewed
CVE-2023-4930
was published
Nov 6, 2023
ProTip!
Advisories are also available from the
GraphQL API