GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
122 advisories
Filter by severity
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure...
High
Unreviewed
CVE-2022-28002
was published
Apr 9, 2022
Files or Directories Accessible to External Parties in Adminer
High
CVE-2021-43008
was published
for
vrana/adminer
(Composer)
Apr 6, 2022
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url...
High
Unreviewed
CVE-2022-26271
was published
Mar 29, 2022
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an...
High
Unreviewed
CVE-2022-23377
was published
Mar 2, 2022
HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via...
High
Unreviewed
CVE-2022-25104
was published
Feb 25, 2022
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names...
High
Unreviewed
CVE-2022-25297
was published
Feb 22, 2022
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during...
High
Unreviewed
CVE-2022-25299
was published
Feb 19, 2022
Information Exposure in Heketi
High
CVE-2017-15104
was published
for
github.com/heketi/heketi
(Go)
Feb 15, 2022
An information disclosure vulnerability exists due to a web server misconfiguration in the...
High
Unreviewed
CVE-2022-21236
was published
Jan 29, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary...
High
Unreviewed
CVE-2022-0244
was published
Jan 19, 2022
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which...
High
Unreviewed
CVE-2021-44315
was published
Dec 17, 2021
Files or Directories Accessible to External Parties in kubernetes
High
CVE-2021-25741
was published
for
k8s.io/kubernetes
(Go)
Nov 1, 2021
Files or Directories Accessible to External Parties in ether/logs
High
CVE-2021-32752
was published
for
ether/logs
(Composer)
Jul 12, 2021
Insecure path handling in Bundler
High
CVE-2019-3881
was published
for
bundler
(RubyGems)
May 10, 2021
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket
High
CVE-2020-11976
was published
for
org.apache.wicket:wicket-core
(Maven)
May 7, 2021
Unauthorized access through URL manipulation
High
GHSA-qrmm-w4v4-q7f8
was published
for
docassemble
(pip)
May 6, 2021
Unrestricted File Upload in Form Framework
High
CVE-2021-21355
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Vulnerability allowing for reading internal HTTP resources
High
GHSA-hfwx-c7q6-g54c
was published
for
highcharts-export-server
(npm)
Mar 12, 2021
Path Traversal in Apache Flink
High
CVE-2020-17519
was published
for
org.apache.flink:flink-runtime_2.11
(Maven)
Jan 6, 2021
Local Temp Directory Hijacking Vulnerability
High
CVE-2020-27216
was published
for
org.eclipse.jetty:jetty-webapp
(Maven)
Nov 4, 2020
Unauthorized File Access in node-git-server
High
GHSA-cv3v-7846-6pxm
was published
for
node-git-server
(npm)
Sep 3, 2020
Files or Directories Accessible to External Parties in org.springframework:spring-core
High
CVE-2015-5211
was published
for
org.springframework:spring-core
(Maven)
Oct 17, 2018
ProTip!
Advisories are also available from the
GraphQL API