GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
98 advisories
Filter by severity
A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as...
Moderate
Unreviewed
CVE-2024-8655
was published
Sep 10, 2024
Priority – CWE-552: Files or Directories Accessible to External Parties
Moderate
Unreviewed
CVE-2024-41699
was published
Aug 20, 2024
In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is...
Moderate
Unreviewed
CVE-2024-3164
was published
Apr 2, 2024
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may...
Moderate
Unreviewed
CVE-2024-5056
was published
Jun 12, 2024
A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic....
Moderate
Unreviewed
CVE-2024-5587
was published
Jun 2, 2024
A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It...
Moderate
Unreviewed
CVE-2024-5045
was published
May 17, 2024
Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation...
Moderate
Unreviewed
CVE-2023-39480
was published
May 3, 2024
Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This...
Moderate
Unreviewed
CVE-2023-39479
was published
May 3, 2024
Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local...
Moderate
Unreviewed
CVE-2023-41717
was published
Aug 31, 2023
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an
unprivileged...
Moderate
Unreviewed
CVE-2023-5101
was published
Oct 9, 2023
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002...
Moderate
Unreviewed
CVE-2023-4588
was published
Sep 6, 2023
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an...
Moderate
Unreviewed
CVE-2023-4475
was published
Aug 22, 2023
In multiple Codesys products in multiple versions, after successful authentication as a user,...
Moderate
Unreviewed
CVE-2023-37551
was published
Aug 3, 2023
Sysaid - CWE-552: Files or Directories Accessible to External Parties -
Authenticated users...
Moderate
Unreviewed
CVE-2023-32226
was published
Jul 30, 2023
A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan...
Moderate
Unreviewed
CVE-2023-2538
was published
Jul 5, 2023
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1...
Moderate
Unreviewed
CVE-2023-29107
was published
May 9, 2023
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x...
Moderate
Unreviewed
CVE-2015-4715
was published
May 24, 2022
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed...
Moderate
Unreviewed
CVE-2019-17112
was published
May 24, 2022
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP...
Moderate
Unreviewed
CVE-2019-0381
was published
May 24, 2022
vBulletin through 5.5.4 mishandles external URLs within the /core/vb/vurl.php file and the /core...
Moderate
Unreviewed
CVE-2019-17130
was published
May 24, 2022
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that...
Moderate
Unreviewed
CVE-2019-13140
was published
May 24, 2022
cPanel before 55.9999.141 allows arbitrary file-read operations because of a multipart form...
Moderate
Unreviewed
CVE-2016-10829
was published
May 24, 2022
A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded...
Moderate
Unreviewed
CVE-2023-45594
was published
Mar 5, 2024
The WP Job Openings WordPress plugin before 3.4.3 does not block listing the contents of the...
Moderate
Unreviewed
CVE-2023-4933
was published
Oct 16, 2023
Aria Operations for Networks contains a local file read vulnerability. A malicious actor with...
Moderate
Unreviewed
CVE-2024-22240
was published
Feb 6, 2024
ProTip!
Advisories are also available from the
GraphQL API