GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,248
Erlang
31
GitHub Actions
21
Go
2,017
Maven
5,000+
npm
3,722
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
103 advisories
Filter by severity
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which...
High
Unreviewed
CVE-2021-44315
was published
Dec 17, 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary...
High
Unreviewed
CVE-2022-0244
was published
Jan 19, 2022
An information disclosure vulnerability exists due to a web server misconfiguration in the...
High
Unreviewed
CVE-2022-21236
was published
Jan 29, 2022
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during...
High
Unreviewed
CVE-2022-25299
was published
Feb 19, 2022
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names...
High
Unreviewed
CVE-2022-25297
was published
Feb 22, 2022
HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via...
High
Unreviewed
CVE-2022-25104
was published
Feb 25, 2022
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an...
High
Unreviewed
CVE-2022-23377
was published
Mar 2, 2022
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url...
High
Unreviewed
CVE-2022-26271
was published
Mar 29, 2022
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure...
High
Unreviewed
CVE-2022-28002
was published
Apr 9, 2022
A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0)...
High
Unreviewed
CVE-2022-27837
was published
Apr 12, 2022
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter...
High
Unreviewed
CVE-2022-0656
was published
Apr 26, 2022
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability.
High
Unreviewed
CVE-2022-28462
was published
May 6, 2022
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized...
High
Unreviewed
CVE-2017-16651
was published
May 13, 2022
redhat-certification does not properly restrict files that can be download through the /download...
High
Unreviewed
CVE-2018-10869
was published
May 13, 2022
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which...
High
Unreviewed
CVE-2017-11746
was published
May 13, 2022
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers...
High
Unreviewed
CVE-2018-16946
was published
May 13, 2022
Development Tools panels of an extension are required to load URLs for the panels as relative...
High
Unreviewed
CVE-2018-5112
was published
May 13, 2022
In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2,...
High
Unreviewed
CVE-2018-9587
was published
May 13, 2022
Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup...
High
Unreviewed
CVE-2017-2551
was published
May 17, 2022
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow...
High
Unreviewed
CVE-2022-29446
was published
May 20, 2022
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow...
High
Unreviewed
CVE-2022-29447
was published
May 21, 2022
** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27...
High
Unreviewed
CVE-2019-13404
was published
May 24, 2022
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the...
High
Unreviewed
CVE-2020-3927
was published
May 24, 2022
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the...
High
Unreviewed
CVE-2020-3926
was published
May 24, 2022
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system...
High
Unreviewed
CVE-2019-7305
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API