GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,249
Erlang
31
GitHub Actions
21
Go
2,018
Maven
5,000+
npm
3,723
NuGet
662
pip
3,400
Pub
11
RubyGems
890
Rust
857
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
103 advisories
Filter by severity
An information disclosure vulnerability exists due to a web server misconfiguration in the...
High
Unreviewed
CVE-2022-21236
was published
Jan 29, 2022
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url...
High
Unreviewed
CVE-2022-26271
was published
Mar 29, 2022
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure...
High
Unreviewed
CVE-2022-28002
was published
Apr 9, 2022
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter...
High
Unreviewed
CVE-2022-0656
was published
Apr 26, 2022
Docker Desktop 4.3.0 has Incorrect Access Control.
High
Unreviewed
CVE-2021-44719
was published
May 26, 2022
It has been discovered that redhat-certification is not properly configured and it lists all...
High
Unreviewed
CVE-2018-10863
was published
May 24, 2022
In multiple CODESYS products, file download and upload function allows access to internal files...
High
Unreviewed
CVE-2022-32143
was published
Jun 25, 2022
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of...
High
Unreviewed
CVE-2022-24138
was published
Jul 7, 2022
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/...
High
Unreviewed
CVE-2021-40150
was published
Jul 18, 2022
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows...
High
Unreviewed
CVE-2022-40126
was published
Sep 30, 2022
Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi...
High
Unreviewed
CVE-2022-36552
was published
Aug 31, 2022
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup...
High
Unreviewed
CVE-2022-1585
was published
Aug 2, 2022
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030...
High
Unreviewed
CVE-2022-44356
was published
Nov 29, 2022
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF...
High
Unreviewed
CVE-2022-45129
was published
Nov 10, 2022
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow...
High
Unreviewed
CVE-2022-29446
was published
May 20, 2022
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow...
High
Unreviewed
CVE-2022-29447
was published
May 21, 2022
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the...
High
Unreviewed
CVE-2020-3926
was published
May 24, 2022
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the...
High
Unreviewed
CVE-2020-3927
was published
May 24, 2022
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system...
High
Unreviewed
CVE-2019-7305
was published
May 24, 2022
The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https:...
High
Unreviewed
CVE-2022-45227
was published
Dec 12, 2022
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection...
High
Unreviewed
CVE-2020-26549
was published
May 24, 2022
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape...
High
Unreviewed
CVE-2021-20253
was published
May 24, 2022
A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an...
High
Unreviewed
CVE-2021-33359
was published
May 24, 2022
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties.
High
Unreviewed
CVE-2021-36763
was published
May 24, 2022
Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control...
High
Unreviewed
CVE-2021-36276
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API