Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,153
Maven
5,000+
npm
3,818
NuGet
693
pip
3,492
Pub
12
RubyGems
902
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

121 advisories

Loading
Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <... High Unreviewed
CVE-2022-33901 was published Jul 23, 2022
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/... High Unreviewed
CVE-2021-40150 was published Jul 18, 2022
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of... High Unreviewed
CVE-2022-24138 was published Jul 7, 2022
In multiple CODESYS products, file download and upload function allows access to internal files... High Unreviewed
CVE-2022-32143 was published Jun 25, 2022
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component ... High Unreviewed
CVE-2022-29720 was published May 27, 2022
Docker Desktop 4.3.0 has Incorrect Access Control. High Unreviewed
CVE-2021-44719 was published May 26, 2022
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper... High Unreviewed
CVE-2021-22015 was published May 24, 2022
A local file inclusion vulnerability in ExpertPDF 9.5.0 through 14.1.0 allows attackers to read... High Unreviewed
CVE-2020-35340 was published May 24, 2022
Emby Server is a personal media server with apps on many devices. In Emby Server on Windows there... High Unreviewed
CVE-2021-32833 was published May 24, 2022
A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access... High Unreviewed
CVE-2020-22124 was published May 24, 2022
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files. High Unreviewed
CVE-2021-38711 was published May 24, 2022
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation... High Unreviewed
CVE-2021-37348 was published May 24, 2022
Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control... High Unreviewed
CVE-2021-36276 was published May 24, 2022
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. High Unreviewed
CVE-2021-36763 was published May 24, 2022
A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an... High Unreviewed
CVE-2021-33359 was published May 24, 2022
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4... High Unreviewed
CVE-2021-31831 was published May 24, 2022
It has been discovered that redhat-certification is not properly configured and it lists all... High Unreviewed
CVE-2018-10863 was published May 24, 2022
In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and... High Unreviewed
CVE-2021-29024 was published May 24, 2022
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape... High Unreviewed
CVE-2021-20253 was published May 24, 2022
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection... High Unreviewed
CVE-2020-26549 was published May 24, 2022
A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could... High Unreviewed
CVE-2020-3267 was published May 24, 2022
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system... High Unreviewed
CVE-2019-7305 was published May 24, 2022
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the... High Unreviewed
CVE-2020-3927 was published May 24, 2022
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the... High Unreviewed
CVE-2020-3926 was published May 24, 2022
** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27... High Unreviewed
CVE-2019-13404 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database