GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
115 advisories
Filter by severity
A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as...
Moderate
Unreviewed
CVE-2024-8655
was published
Sep 10, 2024
Priority – CWE-552: Files or Directories Accessible to External Parties
Moderate
Unreviewed
CVE-2024-41699
was published
Aug 20, 2024
Apache Linkis arbitrary file deletion vulnerability
Moderate
CVE-2024-27182
was published
for
org.apache.linkis:linkis
(Maven)
Aug 2, 2024
Apache Linkis DataSource allows arbitrary file reading
Moderate
CVE-2023-41916
was published
for
org.apache.linkis:linkis-datasource
(Maven)
Jul 15, 2024
In dotCMS dashboard, the Tools and Log Files tabs under System → Maintenance Portlet, which is...
Moderate
Unreviewed
CVE-2024-3164
was published
Apr 2, 2024
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may...
Moderate
Unreviewed
CVE-2024-5056
was published
Jun 12, 2024
A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic....
Moderate
Unreviewed
CVE-2024-5587
was published
Jun 2, 2024
A vulnerability was found in SourceCodester Online Birth Certificate Management System 1.0. It...
Moderate
Unreviewed
CVE-2024-5045
was published
May 17, 2024
wolfictl leaks GitHub tokens to remote non-GitHub git servers
Moderate
CVE-2024-35183
was published
for
github.com/wolfi-dev/wolfictl
(Go)
May 15, 2024
OpenStack Swift XML external entities (XXE) Injection
Moderate
CVE-2022-47950
was published
for
swift
(pip)
Jan 18, 2023
Scrapy allows redirect following in protocols other than HTTP
Moderate
GHSA-23j4-mw76-5v7h
was published
for
Scrapy
(pip)
May 14, 2024
Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation...
Moderate
Unreviewed
CVE-2023-39480
was published
May 3, 2024
Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This...
Moderate
Unreviewed
CVE-2023-39479
was published
May 3, 2024
Drupal core access bypass vulnerability
Moderate
CVE-2017-6922
was published
for
drupal/core
(Composer)
May 13, 2022
Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local...
Moderate
Unreviewed
CVE-2023-41717
was published
Aug 31, 2023
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an
unprivileged...
Moderate
Unreviewed
CVE-2023-5101
was published
Oct 9, 2023
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002...
Moderate
Unreviewed
CVE-2023-4588
was published
Sep 6, 2023
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an...
Moderate
Unreviewed
CVE-2023-4475
was published
Aug 22, 2023
In multiple Codesys products in multiple versions, after successful authentication as a user,...
Moderate
Unreviewed
CVE-2023-37551
was published
Aug 3, 2023
Sysaid - CWE-552: Files or Directories Accessible to External Parties -
Authenticated users...
Moderate
Unreviewed
CVE-2023-32226
was published
Jul 30, 2023
A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan...
Moderate
Unreviewed
CVE-2023-2538
was published
Jul 5, 2023
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1...
Moderate
Unreviewed
CVE-2023-29107
was published
May 9, 2023
The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x...
Moderate
Unreviewed
CVE-2015-4715
was published
May 24, 2022
An issue was discovered in Zoho ManageEngine DataSecurity Plus before 5.0.1 5012. An exposed...
Moderate
Unreviewed
CVE-2019-17112
was published
May 24, 2022
A binary planting in SAP SQL Anywhere, before version 17.0, SAP IQ, before version 16.1, and SAP...
Moderate
Unreviewed
CVE-2019-0381
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API