Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

211 advisories

Loading
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. Moderate Unreviewed
CVE-2022-25497 was published Mar 16, 2022
An information disclosure vulnerability exists due to a web server misconfiguration in the... High Unreviewed
CVE-2022-21236 was published Jan 29, 2022
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer... Moderate Unreviewed
CVE-2022-24075 was published Mar 18, 2022
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url... High Unreviewed
CVE-2022-26271 was published Mar 29, 2022
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure... High Unreviewed
CVE-2022-28002 was published Apr 9, 2022
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick... Moderate Unreviewed
CVE-2022-26877 was published Apr 10, 2022
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background... Moderate Unreviewed
CVE-2022-28445 was published Apr 22, 2022
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter... High Unreviewed
CVE-2022-0656 was published Apr 26, 2022
Docker Desktop 4.3.0 has Incorrect Access Control. High Unreviewed
CVE-2021-44719 was published May 26, 2022
It has been discovered that redhat-certification is not properly configured and it lists all... High Unreviewed
CVE-2018-10863 was published May 24, 2022
It has been discovered that redhat-certification does not restrict file access in the /update... Critical Unreviewed
CVE-2018-10867 was published May 24, 2022
In multiple CODESYS products, file download and upload function allows access to internal files... High Unreviewed
CVE-2022-32143 was published Jun 25, 2022
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded... Moderate Unreviewed
CVE-2022-2222 was published Jul 18, 2022
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of... High Unreviewed
CVE-2022-24138 was published Jul 7, 2022
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers... Moderate Unreviewed
CVE-2022-34049 was published Jul 21, 2022
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root... Moderate Unreviewed
CVE-2021-40149 was published Jul 18, 2022
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local... Low Unreviewed
CVE-2022-33686 was published Jul 13, 2022
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/... High Unreviewed
CVE-2021-40150 was published Jul 18, 2022
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows... High Unreviewed
CVE-2022-40126 was published Sep 30, 2022
Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi... High Unreviewed
CVE-2022-36552 was published Aug 31, 2022
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup... High Unreviewed
CVE-2022-1585 was published Aug 2, 2022
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030... High Unreviewed
CVE-2022-44356 was published Nov 29, 2022
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF... High Unreviewed
CVE-2022-45129 was published Nov 10, 2022
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow... High Unreviewed
CVE-2022-29446 was published May 20, 2022
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow... High Unreviewed
CVE-2022-29447 was published May 21, 2022
ProTip! Advisories are also available from the GraphQL API