Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,968
Erlang
29
GitHub Actions
16
Go
1,752
Maven
4,982
npm
3,516
NuGet
609
pip
3,090
Pub
10
RubyGems
832
Rust
782
Swift
34
Unreviewed advisories
All unreviewed
5,000+

55 advisories

Loading
HashiCorp Nomad vulnerable to symlink attacks High
CVE-2024-1329 was published for github.com/hashicorp/nomad (Go) Feb 8, 2024
Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple... High Unreviewed
CVE-2023-5247 was published Nov 30, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit... High Unreviewed
CVE-2023-35985 was published Nov 27, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit... High Unreviewed
CVE-2023-40194 was published Nov 27, 2023
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356.... High Unreviewed
CVE-2023-39542 was published Nov 27, 2023
A file write vulnerability exists in the OAS Engine configuration functionality of Open... High Unreviewed
CVE-2023-32615 was published Sep 5, 2023
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics... High Unreviewed
CVE-2022-42733 was published Jul 6, 2023
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics... High Unreviewed
CVE-2022-42734 was published Jul 6, 2023
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics... High Unreviewed
CVE-2022-42893 was published Jul 6, 2023
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics... High Unreviewed
CVE-2022-42732 was published Jul 6, 2023
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics... High Unreviewed
CVE-2022-42891 was published Jul 6, 2023
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of... High Unreviewed
CVE-2023-3256 was published Jun 22, 2023
In toUriInner of Intent.java, there is a possible way to launch an arbitrary activity due to a... High Unreviewed
CVE-2023-21097 was published Apr 19, 2023
An issue was discovered in Insyde InsydeH2O with kernel 5.2 through 5.5. The Save State register... High Unreviewed
CVE-2023-22616 was published Apr 12, 2023
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation... High Unreviewed
CVE-2022-43513 was published Jan 10, 2023
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an... High Unreviewed
CVE-2022-34669 was published Dec 31, 2022
An attacker can take leverage on PerFact OpenVPN-Client versions 1.4.1.0 and prior to send the... High Unreviewed
CVE-2021-27406 was published Oct 14, 2022
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and... High Unreviewed
CVE-2022-2633 was published Sep 7, 2022
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up... High Unreviewed
CVE-2022-2431 was published Sep 7, 2022
In DreamServices, there is a possible way to launch arbitrary protected activities due to a... High Unreviewed
CVE-2022-20319 was published Aug 13, 2022
WordPress Plugin mb.miniAudioPlayer-an HTML5 audio player for your mp3 files is prone to multiple... High Unreviewed
CVE-2016-0796 was published Jul 29, 2022
In assertSafeToStartCustomActivity of AppRestrictionsFragment.java, there is a possible way to... High Unreviewed
CVE-2022-20223 was published Jul 14, 2022
ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name... High Unreviewed
CVE-2022-24241 was published Jun 3, 2022
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability. High Unreviewed
CVE-2022-30190 was published Jun 2, 2022
In runDumpHeap of ActivityManagerShellCommand.java, there is a possible deletion of system files... High Unreviewed
CVE-2021-0708 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API