GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,090
Erlang
29
GitHub Actions
19
Go
1,915
Maven
5,000+
npm
3,646
NuGet
638
pip
3,262
Pub
10
RubyGems
870
Rust
821
Swift
35
Unreviewed advisories
All unreviewed
5,000+
258 advisories
Filter by severity
Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress.
High
Unreviewed
CVE-2022-44583
was published
Nov 19, 2022
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF...
High
Unreviewed
CVE-2022-45129
was published
Nov 10, 2022
Markdownify has Files or Directories Accessible to External Parties
Moderate
CVE-2022-41710
was published
for
electron-markdownify
(npm)
Nov 4, 2022
OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via...
Moderate
Unreviewed
CVE-2022-43449
was published
Nov 4, 2022
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an...
Moderate
Unreviewed
CVE-2022-23738
was published
Nov 1, 2022
Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows...
Moderate
Unreviewed
CVE-2022-37424
was published
Oct 28, 2022
The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly...
Moderate
Unreviewed
CVE-2022-2834
was published
Oct 17, 2022
There is a file inclusion vulnerability in the template management module in UCMS 1.6
High
Unreviewed
CVE-2022-42234
was published
Oct 14, 2022
The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded...
Moderate
Unreviewed
CVE-2022-2981
was published
Oct 11, 2022
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows...
High
Unreviewed
CVE-2022-40126
was published
Sep 30, 2022
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated...
Moderate
Unreviewed
CVE-2022-3287
was published
Sep 29, 2022
Dompdf allows remote file inclusion because URI validation failure does not halt font registration
High
CVE-2022-41343
was published
for
dompdf/dompdf
(Composer)
Sep 26, 2022
Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi...
High
Unreviewed
CVE-2022-36552
was published
Aug 31, 2022
A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how...
High
Unreviewed
CVE-2022-1117
was published
Aug 29, 2022
Keycloak has Files or Directories Accessible to External Parties
Moderate
CVE-2021-3856
was published
for
org.keycloak:keycloak-core
(Maven)
Aug 27, 2022
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation...
High
Unreviewed
CVE-2021-4112
was published
Aug 26, 2022
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak...
High
Unreviewed
CVE-2021-3800
was published
Aug 24, 2022
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file...
Moderate
Unreviewed
CVE-2022-2392
was published
Aug 23, 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain...
Moderate
Unreviewed
CVE-2022-22490
was published
Aug 11, 2022
The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file...
High
Unreviewed
CVE-2022-2357
was published
Aug 9, 2022
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup...
High
Unreviewed
CVE-2022-1585
was published
Aug 2, 2022
Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some...
High
Unreviewed
CVE-2022-33158
was published
Jul 31, 2022
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers...
Moderate
Unreviewed
CVE-2022-34049
was published
Jul 21, 2022
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded...
Moderate
Unreviewed
CVE-2022-2222
was published
Jul 18, 2022
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/...
High
Unreviewed
CVE-2021-40150
was published
Jul 18, 2022
ProTip!
Advisories are also available from the
GraphQL API