Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

257 advisories

Loading
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an... Low Unreviewed
CVE-2018-0106 was published May 13, 2022
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized... High Unreviewed
CVE-2017-16651 was published May 13, 2022
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr... Moderate Unreviewed
CVE-2015-1350 was published May 13, 2022
An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log... Moderate Unreviewed
CVE-2017-2622 was published May 13, 2022
SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp... Moderate Unreviewed
CVE-2022-29302 was published May 13, 2022
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. High Unreviewed
CVE-2022-28462 was published May 6, 2022
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1... Moderate Unreviewed
CVE-2017-2621 was published May 3, 2022
Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access... Moderate Unreviewed
CVE-2009-3597 was published May 2, 2022
NEXTWEB (i)Site stores databases under the web document root with insufficient access control,... Moderate Unreviewed
CVE-2005-1835 was published May 1, 2022
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter... High Unreviewed
CVE-2022-0656 was published Apr 26, 2022
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background... Moderate Unreviewed
CVE-2022-28445 was published Apr 22, 2022
A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0)... High Unreviewed
CVE-2022-27837 was published Apr 12, 2022
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick... Moderate Unreviewed
CVE-2022-26877 was published Apr 10, 2022
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure... High Unreviewed
CVE-2022-28002 was published Apr 9, 2022
Files or Directories Accessible to External Parties in Adminer High
CVE-2021-43008 was published for vrana/adminer (Composer) Apr 6, 2022
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url... High Unreviewed
CVE-2022-26271 was published Mar 29, 2022
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer... Moderate Unreviewed
CVE-2022-24075 was published Mar 18, 2022
XML External Entities Vulnerability in CVRF-CSAF-Converter Moderate
CVE-2022-27193 was published for cvrf2csaf (pip) Mar 16, 2022
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. Moderate Unreviewed
CVE-2022-25497 was published Mar 16, 2022
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an... High Unreviewed
CVE-2022-23377 was published Mar 2, 2022
HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via... High Unreviewed
CVE-2022-25104 was published Feb 25, 2022
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names... High Unreviewed
CVE-2022-25297 was published Feb 22, 2022
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during... High Unreviewed
CVE-2022-25299 was published Feb 19, 2022
Information Exposure in Heketi High
CVE-2017-15104 was published for github.com/heketi/heketi (Go) Feb 15, 2022
Improper file downloads in Apache Tapestry Moderate
CVE-2020-13953 was published for org.apache.tapestry:tapestry-core (Maven) Feb 10, 2022
ProTip! Advisories are also available from the GraphQL API