GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
122 advisories
Filter by severity
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow...
High
Unreviewed
CVE-2022-29446
was published
May 20, 2022
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow...
High
Unreviewed
CVE-2022-29447
was published
May 21, 2022
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF...
High
Unreviewed
CVE-2022-45129
was published
Nov 10, 2022
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030...
High
Unreviewed
CVE-2022-44356
was published
Nov 29, 2022
Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin
High
CVE-2022-30945
was published
for
org.jenkins-ci.plugins.workflow:workflow-cps
(Maven)
May 18, 2022
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup...
High
Unreviewed
CVE-2022-1585
was published
Aug 2, 2022
Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi...
High
Unreviewed
CVE-2022-36552
was published
Aug 31, 2022
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows...
High
Unreviewed
CVE-2022-40126
was published
Sep 30, 2022
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/...
High
Unreviewed
CVE-2021-40150
was published
Jul 18, 2022
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of...
High
Unreviewed
CVE-2022-24138
was published
Jul 7, 2022
In multiple CODESYS products, file download and upload function allows access to internal files...
High
Unreviewed
CVE-2022-32143
was published
Jun 25, 2022
It has been discovered that redhat-certification is not properly configured and it lists all...
High
Unreviewed
CVE-2018-10863
was published
May 24, 2022
Docker Desktop 4.3.0 has Incorrect Access Control.
High
Unreviewed
CVE-2021-44719
was published
May 26, 2022
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter...
High
Unreviewed
CVE-2022-0656
was published
Apr 26, 2022
Arbitrary file read in ginadmin
High
CVE-2022-30428
was published
for
github.com/gphper/ginadmin
(Go)
May 26, 2022
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure...
High
Unreviewed
CVE-2022-28002
was published
Apr 9, 2022
Files or Directories Accessible to External Parties in Adminer
High
CVE-2021-43008
was published
for
vrana/adminer
(Composer)
Apr 6, 2022
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url...
High
Unreviewed
CVE-2022-26271
was published
Mar 29, 2022
An information disclosure vulnerability exists due to a web server misconfiguration in the...
High
Unreviewed
CVE-2022-21236
was published
Jan 29, 2022
Unauthorized access through URL manipulation
High
GHSA-qrmm-w4v4-q7f8
was published
for
docassemble
(pip)
May 6, 2021
Vulnerability allowing for reading internal HTTP resources
High
GHSA-hfwx-c7q6-g54c
was published
for
highcharts-export-server
(npm)
Mar 12, 2021
Unauthorized File Access in node-git-server
High
GHSA-cv3v-7846-6pxm
was published
for
node-git-server
(npm)
Sep 3, 2020
ProTip!
Advisories are also available from the
GraphQL API