Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

257 advisories

Loading
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local... Low Unreviewed
CVE-2022-33686 was published Jul 13, 2022
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of... High Unreviewed
CVE-2022-24138 was published Jul 7, 2022
In multiple CODESYS products, file download and upload function allows access to internal files... High Unreviewed
CVE-2022-32143 was published Jun 25, 2022
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component ... High Unreviewed
CVE-2022-29720 was published May 27, 2022
Docker Desktop 4.3.0 has Incorrect Access Control. High Unreviewed
CVE-2021-44719 was published May 26, 2022
Arbitrary file read in ginadmin High
CVE-2022-30428 was published for github.com/gphper/ginadmin (Go) May 26, 2022
Wildfly-Core user account mismanagement High
CVE-2021-3717 was published for org.wildfly.core:wildfly-core-parent (Maven) May 25, 2022
PhantomJS Arbitrary File Read High
CVE-2019-17221 was published for phantomjs (npm) May 24, 2022
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence... Moderate Unreviewed
CVE-2021-31600 was published May 24, 2022
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the... Moderate Unreviewed
CVE-2021-35203 was published May 24, 2022
Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If... Moderate Unreviewed
CVE-2021-41573 was published May 24, 2022
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper... High Unreviewed
CVE-2021-22015 was published May 24, 2022
A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read... High Unreviewed
CVE-2020-35340 was published May 24, 2022
Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there... High Unreviewed
CVE-2021-32833 was published May 24, 2022
An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep... Moderate Unreviewed
CVE-2021-25459 was published May 24, 2022
A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote... Moderate Unreviewed
CVE-2021-34765 was published May 24, 2022
The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design)... Moderate Unreviewed
CVE-2021-36233 was published May 24, 2022
An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This... Moderate Unreviewed
CVE-2020-25351 was published May 24, 2022
A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access... High Unreviewed
CVE-2020-22124 was published May 24, 2022
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files. High Unreviewed
CVE-2021-38711 was published May 24, 2022
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation... High Unreviewed
CVE-2021-37348 was published May 24, 2022
Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control... High Unreviewed
CVE-2021-36276 was published May 24, 2022
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected... Moderate Unreviewed
CVE-2021-29969 was published May 24, 2022
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. High Unreviewed
CVE-2021-36763 was published May 24, 2022
A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an... High Unreviewed
CVE-2021-33359 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API