GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,536
Composer 4,189
Erlang 31
GitHub Actions 19
Go 1,985
Maven 5,160
npm 3,701
NuGet 657
pip 3,326
Pub 11
RubyGems 882
Rust 836
Swift 35

Unreviewed advisories

All unreviewed 233,420

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

102 advisories

Filter by severity

Sort by

Least recently updated

In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which... High Unreviewed

CVE-2021-44315 was published Dec 17, 2021

An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary... High Unreviewed

CVE-2022-0244 was published Jan 19, 2022

An information disclosure vulnerability exists due to a web server misconfiguration in the... High Unreviewed

CVE-2022-21236 was published Jan 29, 2022

This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during... High Unreviewed

CVE-2022-25299 was published Feb 19, 2022

This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names... High Unreviewed

CVE-2022-25297 was published Feb 22, 2022

HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via... High Unreviewed

CVE-2022-25104 was published Feb 25, 2022

Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an... High Unreviewed

CVE-2022-23377 was published Mar 2, 2022

74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url... High Unreviewed

CVE-2022-26271 was published Mar 29, 2022

Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure... High Unreviewed

CVE-2022-28002 was published Apr 9, 2022

A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0)... High Unreviewed

CVE-2022-27837 was published Apr 12, 2022

The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter... High Unreviewed

CVE-2022-0656 was published Apr 26, 2022

novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. High Unreviewed

CVE-2022-28462 was published May 6, 2022

Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized... High Unreviewed

CVE-2017-16651 was published May 13, 2022

redhat-certification does not properly restrict files that can be download through the /download... High Unreviewed

CVE-2018-10869 was published May 13, 2022

Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which... High Unreviewed

CVE-2017-11746 was published May 13, 2022

LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers... High Unreviewed

CVE-2018-16946 was published May 13, 2022

Development Tools panels of an extension are required to load URLs for the panels as relative... High Unreviewed

CVE-2018-5112 was published May 13, 2022

In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2,... High Unreviewed

CVE-2018-9587 was published May 13, 2022

Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup... High Unreviewed

CVE-2017-2551 was published May 17, 2022

Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow... High Unreviewed

CVE-2022-29446 was published May 20, 2022

Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow... High Unreviewed

CVE-2022-29447 was published May 21, 2022

** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27... High Unreviewed

CVE-2019-13404 was published May 24, 2022

An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the... High Unreviewed

CVE-2020-3926 was published May 24, 2022

An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the... High Unreviewed

CVE-2020-3927 was published May 24, 2022

Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system... High Unreviewed

CVE-2019-7305 was published May 24, 2022

Previous 1 2 3 4 5 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

102 advisories