Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

257 advisories

Loading
Arbitrary file read via window-open IPC in Electron Moderate
CVE-2020-4075 was published for electron (npm) Jul 7, 2020
Unauthorized File Access in node-git-server High
GHSA-cv3v-7846-6pxm was published for node-git-server (npm) Sep 3, 2020
Exposure of .env if project root is configured as web root in shopware/production Moderate
GHSA-3pcr-4982-548m was published for shopware/production (Composer) Apr 13, 2021
Vulnerability allowing for reading internal HTTP resources High
GHSA-hfwx-c7q6-g54c was published for highcharts-export-server (npm) Mar 12, 2021
Unauthorized access through URL manipulation High
GHSA-qrmm-w4v4-q7f8 was published for docassemble (pip) May 6, 2021
jimmio
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. Moderate Unreviewed
CVE-2022-25497 was published Mar 16, 2022
XML External Entities Vulnerability in CVRF-CSAF-Converter Moderate
CVE-2022-27193 was published for cvrf2csaf (pip) Mar 16, 2022
An information disclosure vulnerability exists due to a web server misconfiguration in the... High Unreviewed
CVE-2022-21236 was published Jan 29, 2022
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer... Moderate Unreviewed
CVE-2022-24075 was published Mar 18, 2022
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url... High Unreviewed
CVE-2022-26271 was published Mar 29, 2022
Files or Directories Accessible to External Parties in Adminer High
CVE-2021-43008 was published for vrana/adminer (Composer) Apr 6, 2022
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure... High Unreviewed
CVE-2022-28002 was published Apr 9, 2022
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick... Moderate Unreviewed
CVE-2022-26877 was published Apr 10, 2022
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background... Moderate Unreviewed
CVE-2022-28445 was published Apr 22, 2022
Arbitrary file read in ginadmin High
CVE-2022-30428 was published for github.com/gphper/ginadmin (Go) May 26, 2022
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter... High Unreviewed
CVE-2022-0656 was published Apr 26, 2022
Docker Desktop 4.3.0 has Incorrect Access Control. High Unreviewed
CVE-2021-44719 was published May 26, 2022
It has been discovered that redhat-certification is not properly configured and it lists all... High Unreviewed
CVE-2018-10863 was published May 24, 2022
It has been discovered that redhat-certification does not restrict file access in the /update... Critical Unreviewed
CVE-2018-10867 was published May 24, 2022
In multiple CODESYS products, file download and upload function allows access to internal files... High Unreviewed
CVE-2022-32143 was published Jun 25, 2022
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded... Moderate Unreviewed
CVE-2022-2222 was published Jul 18, 2022
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of... High Unreviewed
CVE-2022-24138 was published Jul 7, 2022
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers... Moderate Unreviewed
CVE-2022-34049 was published Jul 21, 2022
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root... Moderate Unreviewed
CVE-2021-40149 was published Jul 18, 2022
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local... Low Unreviewed
CVE-2022-33686 was published Jul 13, 2022
ProTip! Advisories are also available from the GraphQL API