GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
225 advisories
Filter by severity
Trend Micro Security 2021 v17.0 (Consumer) contains a vulnerability that allows files inside the...
Moderate
Unreviewed
CVE-2021-43772
was published
Dec 4, 2021
Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows...
Low
Unreviewed
CVE-2021-25521
was published
Dec 9, 2021
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote...
Moderate
Unreviewed
CVE-2021-31850
was published
Dec 9, 2021
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which...
High
Unreviewed
CVE-2021-44315
was published
Dec 17, 2021
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1...
Low
Unreviewed
CVE-2022-22269
was published
Jan 11, 2022
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows...
Moderate
Unreviewed
CVE-2022-22270
was published
Jan 11, 2022
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1...
Low
Unreviewed
CVE-2022-22267
was published
Jan 11, 2022
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically...
Moderate
Unreviewed
CVE-2022-22268
was published
Jan 11, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary...
High
Unreviewed
CVE-2022-0244
was published
Jan 19, 2022
An information disclosure vulnerability exists due to a web server misconfiguration in the...
High
Unreviewed
CVE-2022-21236
was published
Jan 29, 2022
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when...
Moderate
Unreviewed
CVE-2021-25004
was published
Feb 8, 2022
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and...
Moderate
Unreviewed
CVE-2021-24947
was published
Feb 8, 2022
In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download...
Moderate
Unreviewed
CVE-2021-44983
was published
Feb 9, 2022
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can...
Moderate
Unreviewed
CVE-2022-23316
was published
Feb 9, 2022
In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of...
Moderate
Unreviewed
CVE-2022-24694
was published
Feb 10, 2022
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during...
High
Unreviewed
CVE-2022-25299
was published
Feb 19, 2022
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names...
High
Unreviewed
CVE-2022-25297
was published
Feb 22, 2022
HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via...
High
Unreviewed
CVE-2022-25104
was published
Feb 25, 2022
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an...
High
Unreviewed
CVE-2022-23377
was published
Mar 2, 2022
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
Moderate
Unreviewed
CVE-2022-25497
was published
Mar 16, 2022
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer...
Moderate
Unreviewed
CVE-2022-24075
was published
Mar 18, 2022
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url...
High
Unreviewed
CVE-2022-26271
was published
Mar 29, 2022
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure...
High
Unreviewed
CVE-2022-28002
was published
Apr 9, 2022
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick...
Moderate
Unreviewed
CVE-2022-26877
was published
Apr 10, 2022
A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0)...
High
Unreviewed
CVE-2022-27837
was published
Apr 12, 2022
ProTip!
Advisories are also available from the
GraphQL API