GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,239
Erlang
31
GitHub Actions
21
Go
2,007
Maven
5,000+
npm
3,716
NuGet
662
pip
3,388
Pub
11
RubyGems
885
Rust
851
Swift
36
Unreviewed advisories
All unreviewed
5,000+
23 advisories
Filter by severity
Insecure Default Configuration in tesseract.js
Moderate
GHSA-83rx-c8cr-6j8q
was published
for
tesseract.js
(npm)
Jun 5, 2019
Local File read vulnerability in OctoberCMS
Moderate
CVE-2020-5295
was published
for
october/cms
(Composer)
Jun 3, 2020
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote,...
Moderate
Unreviewed
CVE-2021-29113
was published
Dec 8, 2021
The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user...
Moderate
Unreviewed
CVE-2022-37191
was published
Sep 14, 2022
If an image had not loaded correctly (such as when it is not actually an image), it could be...
Moderate
Unreviewed
CVE-2019-17014
was published
May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience...
Moderate
Unreviewed
CVE-2021-31927
was published
May 24, 2022
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5...
Moderate
Unreviewed
CVE-2021-29777
was published
May 24, 2022
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier,...
Moderate
Unreviewed
CVE-2021-20843
was published
May 24, 2022
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an...
Moderate
Unreviewed
CVE-2022-29845
was published
May 12, 2022
Command Injection in @theia/messages
Moderate
CVE-2021-28162
was published
for
@theia/messages
(npm)
May 10, 2021
An information disclosure vulnerability exists when affected Microsoft browsers improperly allow...
Moderate
Unreviewed
CVE-2018-8351
was published
May 13, 2022
Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4
Moderate
CVE-2021-26272
was published
for
ckeditor4
(npm)
Oct 13, 2021
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access...
Moderate
Unreviewed
CVE-2019-4263
was published
May 24, 2022
Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1...
Moderate
Unreviewed
CVE-2023-21440
was published
Feb 9, 2023
A same-origin policy violation occurs allowing the theft of cross-origin images through a...
Moderate
Unreviewed
CVE-2019-11742
was published
May 24, 2022
A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace...
Moderate
Unreviewed
CVE-2019-16951
was published
May 24, 2022
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer...
Moderate
Unreviewed
CVE-2023-31170
was published
Aug 31, 2023
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer...
Moderate
Unreviewed
CVE-2023-31168
was published
Aug 31, 2023
Moderate severity vulnerability that affects org.springframework:spring-core
Moderate
CVE-2018-11040
was published
for
org.springframework:spring-core
(Maven)
Oct 16, 2018
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Moderate
Unreviewed
CVE-2024-35650
was published
Jun 10, 2024
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access...
Moderate
Unreviewed
CVE-2024-5693
was published
Jun 11, 2024
Anki Latex Incomplete Blocklist Vulnerability
Moderate
CVE-2024-29073
was published
for
anki
(pip)
Jul 22, 2024
Improper Locking in JetBrains Kotlin
Moderate
CVE-2022-24329
was published
for
org.jetbrains.kotlin:kotlin-stdlib
(Maven)
Feb 26, 2022
ProTip!
Advisories are also available from the
GraphQL API