GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
115 advisories
Tyler Technologies Court Case Management Plus may store backups in a location that can be... | Moderate | Unreviewed | CVE-2023-6375 was published Nov 30, 2023
Dell vApp Manager, versions prior to 9.2.4.x contain an arbitrary file read vulnerability. A... | Moderate | Unreviewed | CVE-2023-48661 was published Dec 14, 2023
The File Manager WordPress plugin before 6.3 does not restrict the file manager's root directory,... | Moderate | Unreviewed | CVE-2023-5907 was published Dec 11, 2023
NEXTWEB (i)Site stores databases under the web document root with insufficient access control,... | Moderate | Unreviewed | CVE-2005-1835 was published May 1, 2022
Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access... | Moderate | Unreviewed | CVE-2009-3597 was published May 2, 2022
Unauthorized file access vulnerability in the wallpaper service module. Successful exploitation... | Moderate | Unreviewed | CVE-2023-52112 was published Jan 16, 2024
A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified... | Moderate | Unreviewed | CVE-2024-1005 was published Jan 29, 2024
Broken access control on files | Moderate | CVE-2019-14273 was published for silverstripe/framework (Composer) Jul 15, 2020
Guava vulnerable to insecure use of temporary directory | Moderate | CVE-2023-2976 was published for com.google.guava:guava (Maven) Jun 14, 2023
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with... | Moderate | Unreviewed | CVE-2024-22240 was published Feb 6, 2024
The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the... | Moderate | Unreviewed | CVE-2023-4933 was published Oct 16, 2023
A CWE-552 "Files or Directories Accessible to External Parties" vulnerability in the embedded... | Moderate | Unreviewed | CVE-2023-45594 was published Mar 5, 2024
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form... | Moderate | Unreviewed | CVE-2016-10829 was published May 24, 2022
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that... | Moderate | Unreviewed | CVE-2019-13140 was published May 24, 2022
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core... | Moderate | Unreviewed | CVE-2019-17130 was published May 24, 2022
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP... | Moderate | Unreviewed | CVE-2019-0381 was published May 24, 2022
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed... | Moderate | Unreviewed | CVE-2019-17112 was published May 24, 2022
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x... | Moderate | Unreviewed | CVE-2015-4715 was published May 24, 2022
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1... | Moderate | Unreviewed | CVE-2023-29107 was published May 9, 2023
A CWE-552 "Files or Directories Accessible to External Parties" in the web interface of the Tyan... | Moderate | Unreviewed | CVE-2023-2538 was published Jul 5, 2023
Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users... | Moderate | Unreviewed | CVE-2023-32226 was published Jul 30, 2023
In multiple Codesys products in multiple versions, after successful authentication as a user,... | Moderate | Unreviewed | CVE-2023-37551 was published Aug 3, 2023
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an... | Moderate | Unreviewed | CVE-2023-4475 was published Aug 22, 2023
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002... | Moderate | Unreviewed | CVE-2023-4588 was published Sep 6, 2023
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged... | Moderate | Unreviewed | CVE-2023-5101 was published Oct 9, 2023