Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

257 advisories

Loading
Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows... Critical Unreviewed
CVE-2024-6878 was published Sep 18, 2024
Files on the Windows system are accessible without authentication to external parties due to a... High Unreviewed
CVE-2024-6911 was published Jul 22, 2024
A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as... Moderate Unreviewed
CVE-2024-8655 was published Sep 10, 2024
Dell PowerScale InsightIQ, versions 5.0 through 5.1, contains a File or Directories Accessible to... High Unreviewed
CVE-2024-39581 was published Sep 10, 2024
cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an authenticated attacker to... High Unreviewed
CVE-2024-36442 was published Aug 22, 2024
Apache SeaTunnel SQL Injection vulnerability High
CVE-2023-49198 was published for org.apache.seatunnel:seatunnel (Maven) Aug 21, 2024
Priority – CWE-552: Files or Directories Accessible to External Parties Moderate Unreviewed
CVE-2024-41699 was published Aug 20, 2024
Apache Linkis arbitrary file deletion vulnerability Moderate
CVE-2024-27182 was published for org.apache.linkis:linkis (Maven) Aug 2, 2024
The CAYIN Technology CMS lacks proper access control, allowing unauthenticated remote attackers... High Unreviewed
CVE-2024-7729 was published Aug 14, 2024
An unauthenticated remote attacker can use this vulnerability to change the device configuration... High Unreviewed
CVE-2024-3913 was published Aug 13, 2024
Gogs allows deletion of internal files Critical
CVE-2024-39931 was published for github.com/gogs/gogs (Go) Jul 4, 2024
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <=3.08.01; NEXUS Series v <... Critical Unreviewed
CVE-2024-6209 was published Jul 5, 2024
Apache Linkis DataSource allows arbitrary file reading Moderate
CVE-2023-41916 was published for org.apache.linkis:linkis-datasource (Maven) Jul 15, 2024
A vulnerability has been identified in Omnivise T3000 Application Server (All versions >= R9.2),... High Unreviewed
CVE-2024-38876 was published Aug 2, 2024
Matrix Tafnit v8 -  CWE-552: Files or Directories Accessible to External Parties High Unreviewed
CVE-2024-38429 was published Jul 30, 2024
In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is... Moderate Unreviewed
CVE-2024-3164 was published Apr 2, 2024
Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25... High Unreviewed
CVE-2024-4836 was published Jul 2, 2024
Files or Directories Accessible to External Parties in ProjectDiscovery Critical
CVE-2024-5262 was published for github.com/projectdiscovery/interactsh (Go) Jun 5, 2024
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may... Moderate Unreviewed
CVE-2024-5056 was published Jun 12, 2024
A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic.... Moderate Unreviewed
CVE-2024-5587 was published Jun 2, 2024
Path Traversal in Apache Flink High
CVE-2020-17519 was published for org.apache.flink:flink-runtime_2.11 (Maven) Jan 6, 2021
stephanmiehe
A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It... Moderate Unreviewed
CVE-2024-5045 was published May 17, 2024
wolfictl leaks GitHub tokens to remote non-GitHub git servers Moderate
CVE-2024-35183 was published for github.com/wolfi-dev/wolfictl (Go) May 15, 2024
luhring
OpenStack Swift XML external entities (XXE) Injection Moderate
CVE-2022-47950 was published for swift (pip) Jan 18, 2023
Scrapy allows redirect following in protocols other than HTTP Moderate
GHSA-23j4-mw76-5v7h was published for Scrapy (pip) May 14, 2024
ProTip! Advisories are also available from the GraphQL API