GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
211 advisories
CVE-2020-3926 | High | Unreviewed | published May 24, 2022 | An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the...
CVE-2020-3927 | High | Unreviewed | published May 24, 2022 | An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the...
CVE-2020-7241 | Moderate | Unreviewed | published May 24, 2022 | The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in...
CVE-2019-17112 | Moderate | Unreviewed | published May 24, 2022 | An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed...
CVE-2019-0381 | Moderate | Unreviewed | published May 24, 2022 | A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP...
CVE-2019-17130 | Moderate | Unreviewed | published May 24, 2022 | vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core...
CVE-2019-13140 | Moderate | Unreviewed | published May 24, 2022 | Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that...
CVE-2016-10829 | Moderate | Unreviewed | published May 24, 2022 | cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form...
CVE-2019-13404 | High | Unreviewed | published May 24, 2022 | ** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27...
CVE-2022-29447 | High | Unreviewed | published May 21, 2022 | Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow...
CVE-2022-29446 | High | Unreviewed | published May 20, 2022 | Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow...
CVE-2021-42644 | Moderate | Unreviewed | published May 18, 2022 | cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the...
CVE-2017-2551 | High | Unreviewed | published May 17, 2022 | Vulnerability in WordPress plugin BackWPup before v3.4.2 allows possible brute forcing of backup...
CVE-2018-9587 | High | Unreviewed | published May 13, 2022 | In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2,...
CVE-2018-5112 | High | Unreviewed | published May 13, 2022 | Development Tools panels of an extension are required to load URLs for the panels as relative...
CVE-2018-16946 | High | Unreviewed | published May 13, 2022 | LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers...
CVE-2017-7079 | Moderate | Unreviewed | published May 13, 2022 | An issue was discovered in certain Apple products. iTunes before 12.7 is affected. The issue...
CVE-2017-6774 | Moderate | Unreviewed | published May 13, 2022 | A vulnerability in Cisco ASR 5000 Series Aggregated Services Routers running the Cisco StarOS...
CVE-2017-14942 | Critical | Unreviewed | published May 13, 2022 | Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently...
CVE-2017-1308 | Moderate | Unreviewed | published May 13, 2022 | IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0 could allow an authenticated...
CVE-2017-11829 | Moderate | Unreviewed | published May 13, 2022 | Microsoft Windows 10 allows an elevation of privilege vulnerability when the Windows Update...
CVE-2017-11746 | High | Unreviewed | published May 13, 2022 | Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which...
CVE-2017-10930 | Critical | Unreviewed | published May 13, 2022 | The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized...
CVE-2017-1602 | Moderate | Unreviewed | published May 13, 2022 | IBM RSA DM (IBM Rational Collaborative Lifecycle Management 5.0 and 6.0) could allow an...
CVE-2018-10869 | High | Unreviewed | published May 13, 2022 | redhat-certification does not properly restrict files that can be downloaded through the /download...
ProTip! Advisories are also available from the GraphQL API.