GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
115 advisories
Filter by severity
A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10...
Moderate
Unreviewed
CVE-2019-13941
was published
May 24, 2022
Some Dahua software products have a vulnerability of unrestricted download of file. After...
Moderate
Unreviewed
CVE-2022-45426
was published
Dec 27, 2022
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in...
Moderate
Unreviewed
CVE-2020-7241
was published
May 24, 2022
OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via...
Moderate
Unreviewed
CVE-2022-43449
was published
Nov 4, 2022
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the...
Moderate
Unreviewed
CVE-2021-42644
was published
May 18, 2022
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root...
Moderate
Unreviewed
CVE-2021-40149
was published
Jul 18, 2022
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers...
Moderate
Unreviewed
CVE-2022-34049
was published
Jul 21, 2022
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded...
Moderate
Unreviewed
CVE-2022-2222
was published
Jul 18, 2022
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background...
Moderate
Unreviewed
CVE-2022-28445
was published
Apr 22, 2022
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick...
Moderate
Unreviewed
CVE-2022-26877
was published
Apr 10, 2022
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer...
Moderate
Unreviewed
CVE-2022-24075
was published
Mar 18, 2022
XML External Entities Vulnerability in CVRF-CSAF-Converter
Moderate
CVE-2022-27193
was published
for
cvrf2csaf
(pip)
Mar 16, 2022
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
Moderate
Unreviewed
CVE-2022-25497
was published
Mar 16, 2022
Exposure of .env if project root is configured as web root in shopware/production
Moderate
GHSA-3pcr-4982-548m
was published
for
shopware/production
(Composer)
Apr 13, 2021
Arbitrary file read via window-open IPC in Electron
Moderate
CVE-2020-4075
was published
for
electron
(npm)
Jul 7, 2020
ProTip!
Advisories are also available from the
GraphQL API