GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
257 advisories
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read...
High | Unreviewed | CVE-2023-22974 was published Feb 22, 2023

The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user...
High | Unreviewed | CVE-2023-0331 was published Feb 27, 2023

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the...
High | Unreviewed | CVE-2023-26956 was published Mar 8, 2023

onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the...
High | Unreviewed | CVE-2023-26948 was published Mar 9, 2023

Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows...
High | Unreviewed | CVE-2023-1246 was published Mar 10, 2023

amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion.
High | Unreviewed | CVE-2023-23330 was published Mar 28, 2023

Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a...
High | Unreviewed | CVE-2023-28375 was published Mar 28, 2023

A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1...
Moderate | Unreviewed | CVE-2023-29107 was published May 9, 2023

The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate...
High | Unreviewed | CVE-2023-2180 was published May 15, 2023

A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some...
Moderate | Unreviewed | CVE-2023-2766 was published May 17, 2023

In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Low | CVE-2023-32684 was published for github.com/lima-vm/lima (Go) May 31, 2023

Dolibarr vulnerable to unauthenticated database access
High | CVE-2023-33568 was published for dolibarr/dolibarr (Composer) Jun 13, 2023

Guava vulnerable to insecure use of temporary directory
Moderate | CVE-2023-2976 was published for com.google.guava:guava (Maven) Jun 14, 2023

jfinal CMS 5.1.0 has an arbitrary file read vulnerability.
High | Unreviewed | CVE-2023-34645 was published Jun 16, 2023

A CWE-552 "Files or Directories Accessible to External Parties" in the web interface of the Tyan...
Moderate | Unreviewed | CVE-2023-2538 was published Jul 5, 2023

Apache InLong has Files or Directories Accessible to External Parties
High | CVE-2023-31064 was published for org.apache.inlong:manager-workflow (Maven) Jul 6, 2023

Apache InLong has Files or Directories Accessible to External Parties in Apache InLong
Critical | CVE-2023-31066 was published for org.apache.inlong:manager-service (Maven) Jul 6, 2023

JavaScript pre-processing can be used by the attacker to gain access to the file system (read...
High | Unreviewed | CVE-2023-29450 was published Jul 13, 2023

Sysaid - CWE-552: Files or Directories Accessible to External Parties - Authenticated users...
Moderate | Unreviewed | CVE-2023-32226 was published Jul 30, 2023

In multiple Codesys products in multiple versions, after successful authentication as a user,...
Moderate | Unreviewed | CVE-2023-37551 was published Aug 3, 2023

An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1...
High | Unreviewed | CVE-2023-38948 was published Aug 3, 2023

Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read...
High | Unreviewed | CVE-2023-38952 was published Aug 4, 2023

An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an...
Moderate | Unreviewed | CVE-2023-4475 was published Aug 22, 2023

Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local...
Moderate | Unreviewed | CVE-2023-41717 was published Aug 31, 2023

A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic....
Low | Unreviewed | CVE-2023-4743 was published Sep 4, 2023

ProTip! Advisories are also available from the GraphQL API.