GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 21,537
Composer 4,454
Erlang 33
GitHub Actions 22
Go 2,153
Maven 5,330
npm 3,818
NuGet 693
pip 3,492
Pub 12
RubyGems 902
Rust 903
Swift 38

Unreviewed advisories

All unreviewed 246,993

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

117 advisories

Filter by severity

Sort by

Least recently updated

The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it... Moderate Unreviewed

CVE-2022-4236 was published Jan 3, 2023

Some Dahua software products have a vulnerability of unrestricted download of file. After... Moderate Unreviewed

CVE-2022-45426 was published Dec 27, 2022

The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input... Moderate Unreviewed

CVE-2022-4108 was published Dec 19, 2022

OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via... Moderate Unreviewed

CVE-2022-43449 was published Nov 4, 2022

An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an... Moderate Unreviewed

CVE-2022-23738 was published Nov 1, 2022

Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows... Moderate Unreviewed

CVE-2022-37424 was published Oct 28, 2022

The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly... Moderate Unreviewed

CVE-2022-2834 was published Oct 17, 2022

The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded... Moderate Unreviewed

CVE-2022-2981 was published Oct 11, 2022

When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated... Moderate Unreviewed

CVE-2022-3287 was published Sep 29, 2022

The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file... Moderate Unreviewed

CVE-2022-2392 was published Aug 23, 2022

IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain... Moderate Unreviewed

CVE-2022-22490 was published Aug 11, 2022

An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers... Moderate Unreviewed

CVE-2022-34049 was published Jul 21, 2022

The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded... Moderate Unreviewed

CVE-2022-2222 was published Jul 18, 2022

The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root... Moderate Unreviewed

CVE-2021-40149 was published Jul 18, 2022

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence... Moderate Unreviewed

CVE-2021-31600 was published May 24, 2022

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the... Moderate Unreviewed

CVE-2021-35203 was published May 24, 2022

Hitachi Content Platform Anywhere (HCP-AW) 4.4.5 and later allows information disclosure. If... Moderate Unreviewed

CVE-2021-41573 was published May 24, 2022

An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep... Moderate Unreviewed

CVE-2021-25459 was published May 24, 2022

A vulnerability in the web UI for Cisco Nexus Insights could allow an authenticated, remote... Moderate Unreviewed

CVE-2021-34765 was published May 24, 2022

The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design)... Moderate Unreviewed

CVE-2021-36233 was published May 24, 2022

An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This... Moderate Unreviewed

CVE-2020-25351 was published May 24, 2022

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected... Moderate Unreviewed

CVE-2021-29969 was published May 24, 2022

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker... Moderate Unreviewed

CVE-2021-1512 was published May 24, 2022

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an... Moderate Unreviewed

CVE-2021-1256 was published May 24, 2022

The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before... Moderate Unreviewed

CVE-2021-24154 was published May 24, 2022

Previous 1 2 3 4 5 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

117 advisories