GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
115 advisories
Filter by severity
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr...
Moderate
Unreviewed
CVE-2015-1350
was published
May 13, 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain...
Moderate
Unreviewed
CVE-2022-22490
was published
Aug 11, 2022
SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp...
Moderate
Unreviewed
CVE-2022-29302
was published
May 13, 2022
The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input...
Moderate
Unreviewed
CVE-2022-4108
was published
Dec 19, 2022
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an...
Moderate
Unreviewed
CVE-2022-23738
was published
Nov 1, 2022
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file...
Moderate
Unreviewed
CVE-2022-2392
was published
Aug 23, 2022
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence...
Moderate
Unreviewed
CVE-2021-31600
was published
May 24, 2022
Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows...
Moderate
Unreviewed
CVE-2022-37424
was published
Oct 28, 2022
Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If...
Moderate
Unreviewed
CVE-2021-41573
was published
May 24, 2022
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the...
Moderate
Unreviewed
CVE-2021-35203
was published
May 24, 2022
A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote...
Moderate
Unreviewed
CVE-2021-34765
was published
May 24, 2022
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design)...
Moderate
Unreviewed
CVE-2021-36233
was published
May 24, 2022
An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This...
Moderate
Unreviewed
CVE-2020-25351
was published
May 24, 2022
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected...
Moderate
Unreviewed
CVE-2021-29969
was published
May 24, 2022
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and...
Moderate
Unreviewed
CVE-2021-24947
was published
Feb 8, 2022
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local...
Moderate
Unreviewed
CVE-2021-1434
was published
May 24, 2022
It has been discovered in redhat-certification that any unauthorized user may download any file...
Moderate
Unreviewed
CVE-2019-3897
was published
May 24, 2022
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before...
Moderate
Unreviewed
CVE-2021-24154
was published
May 24, 2022
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated...
Moderate
Unreviewed
CVE-2022-3287
was published
Sep 29, 2022
Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows...
Moderate
Unreviewed
CVE-2020-27368
was published
May 24, 2022
Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability....
Moderate
Unreviewed
CVE-2020-26183
was published
May 24, 2022
The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows...
Moderate
Unreviewed
CVE-2020-11642
was published
May 24, 2022
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior...
Moderate
Unreviewed
CVE-2020-1908
was published
May 24, 2022
A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows...
Moderate
Unreviewed
CVE-2020-11641
was published
May 24, 2022
Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment...
Moderate
Unreviewed
CVE-2020-26182
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API