GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,077
Erlang: 29
GitHub Actions: 19
Go: 1,903
Maven: 5,000+
npm: 3,632
NuGet: 638
pip: 3,249
Pub: 10
RubyGems: 864
Rust: 818
Swift: 35
Unreviewed advisories
All unreviewed: 5,000+
257 advisories
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an...
Low, Unreviewed: CVE-2018-0106 was published May 13, 2022
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized...
High, Unreviewed: CVE-2017-16651 was published May 13, 2022
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr...
Moderate, Unreviewed: CVE-2015-1350 was published May 13, 2022
An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log...
Moderate, Unreviewed: CVE-2017-2622 was published May 13, 2022
SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp...
Moderate, Unreviewed: CVE-2022-29302 was published May 13, 2022
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.
High, Unreviewed: CVE-2022-28462 was published May 6, 2022
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1...
Moderate, Unreviewed: CVE-2017-2621 was published May 3, 2022
Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access...
Moderate, Unreviewed: CVE-2009-3597 was published May 2, 2022
NEXTWEB (i)Site stores databases under the web document root with insufficient access control,...
Moderate, Unreviewed: CVE-2005-1835 was published May 1, 2022
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter...
High, Unreviewed: CVE-2022-0656 was published Apr 26, 2022
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background...
Moderate, Unreviewed: CVE-2022-28445 was published Apr 22, 2022
A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0)...
High, Unreviewed: CVE-2022-27837 was published Apr 12, 2022
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick...
Moderate, Unreviewed: CVE-2022-26877 was published Apr 10, 2022
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure...
High, Unreviewed: CVE-2022-28002 was published Apr 9, 2022
Files or Directories Accessible to External Parties in Adminer
High: CVE-2021-43008 was published for vrana/adminer (Composer) Apr 6, 2022
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url...
High, Unreviewed: CVE-2022-26271 was published Mar 29, 2022
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer...
Moderate, Unreviewed: CVE-2022-24075 was published Mar 18, 2022
XML External Entities Vulnerability in CVRF-CSAF-Converter
Moderate: CVE-2022-27193 was published for cvrf2csaf (pip) Mar 16, 2022
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
Moderate, Unreviewed: CVE-2022-25497 was published Mar 16, 2022
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an...
High, Unreviewed: CVE-2022-23377 was published Mar 2, 2022
HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via...
High, Unreviewed: CVE-2022-25104 was published Feb 25, 2022
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names...
High, Unreviewed: CVE-2022-25297 was published Feb 22, 2022
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during...
High, Unreviewed: CVE-2022-25299 was published Feb 19, 2022
Information Exposure in Heketi
High: CVE-2017-15104 was published for github.com/heketi/heketi (Go) Feb 15, 2022
Improper file downloads in Apache Tapestry
Moderate: CVE-2020-13953 was published for org.apache.tapestry:tapestry-core (Maven) Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API.