GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
115 advisories
Filter by severity
Improper file downloads in Apache Tapestry
Moderate
CVE-2020-13953
was published
for
org.apache.tapestry:tapestry-core
(Maven)
Feb 10, 2022
In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of...
Moderate
Unreviewed
CVE-2022-24694
was published
Feb 10, 2022
Missing authorization in xwiki-platform
Moderate
CVE-2022-23621
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Feb 9, 2022
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can...
Moderate
Unreviewed
CVE-2022-23316
was published
Feb 9, 2022
In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download...
Moderate
Unreviewed
CVE-2021-44983
was published
Feb 9, 2022
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when...
Moderate
Unreviewed
CVE-2021-25004
was published
Feb 8, 2022
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and...
Moderate
Unreviewed
CVE-2021-24947
was published
Feb 8, 2022
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically...
Moderate
Unreviewed
CVE-2022-22268
was published
Jan 11, 2022
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows...
Moderate
Unreviewed
CVE-2022-22270
was published
Jan 11, 2022
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote...
Moderate
Unreviewed
CVE-2021-31850
was published
Dec 9, 2021
Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the...
Moderate
Unreviewed
CVE-2021-43772
was published
Dec 4, 2021
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin
Moderate
CVE-2021-21429
was published
for
org.openapitools:openapi-generator-maven-plugin
(Maven)
Apr 29, 2021
Exposure of .env if project root is configured as web root in shopware/production
Moderate
GHSA-3pcr-4982-548m
was published
for
shopware/production
(Composer)
Apr 13, 2021
Broken access control on files
Moderate
CVE-2019-14273
was published
for
silverstripe/framework
(Composer)
Jul 15, 2020
Arbitrary file read via window-open IPC in Electron
Moderate
CVE-2020-4075
was published
for
electron
(npm)
Jul 7, 2020
ProTip!
Advisories are also available from the
GraphQL API