Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,152
Maven
5,000+
npm
3,816
NuGet
692
pip
3,492
Pub
12
RubyGems
902
Rust
900
Swift
38
Unreviewed advisories
All unreviewed
5,000+

311 advisories

Loading
Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows... Moderate Unreviewed
CVE-2022-37424 was published Oct 28, 2022
An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence... Moderate Unreviewed
CVE-2021-31600 was published May 24, 2022
There is a file inclusion vulnerability in the template management module in UCMS 1.6 High Unreviewed
CVE-2022-42234 was published Oct 14, 2022
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file... Moderate Unreviewed
CVE-2022-2392 was published Aug 23, 2022
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component ... High Unreviewed
CVE-2022-29720 was published May 27, 2022
The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive... High Unreviewed
CVE-2022-3691 was published Nov 21, 2022
Wildfly-Core user account mismanagement High
CVE-2021-3717 was published for org.wildfly.core:wildfly-core-parent (Maven) May 25, 2022
The vCenter Server contains multiple local privilege escalation vulnerabilities due to improper... High Unreviewed
CVE-2021-22015 was published May 24, 2022
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an... Moderate Unreviewed
CVE-2022-23738 was published Nov 1, 2022
In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and... High Unreviewed
CVE-2021-29024 was published May 24, 2022
The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation... High Unreviewed
CVE-2022-4106 was published Dec 19, 2022
The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input... Moderate Unreviewed
CVE-2022-4108 was published Dec 19, 2022
novel-plus 3.6.0 suffers from an Arbitrary file reading vulnerability. High Unreviewed
CVE-2022-28462 was published May 6, 2022
The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file... High Unreviewed
CVE-2022-2357 was published Aug 9, 2022
SolarView Compact ver.6.00 was discovered to contain a local file disclosure via /html/Solar_Ftp... Moderate Unreviewed
CVE-2022-29302 was published May 13, 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain... Moderate Unreviewed
CVE-2022-22490 was published Aug 11, 2022
The VFS subsystem in the Linux kernel 3.x provides an incomplete set of requirements for setattr... Moderate Unreviewed
CVE-2015-1350 was published May 13, 2022
Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized... High Unreviewed
CVE-2017-16651 was published May 13, 2022
Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. High Unreviewed
CVE-2022-44583 was published Nov 19, 2022
An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep... Moderate Unreviewed
CVE-2021-25459 was published May 24, 2022
A vulnerability in the ConfD server of the Cisco Elastic Services Controller (ESC) could allow an... Low Unreviewed
CVE-2018-0106 was published May 13, 2022
Exposure of Sensitive Information to an Unauthorized Actor in Apache Wicket High
CVE-2020-11976 was published for org.apache.wicket:wicket-core (Maven) May 7, 2021
jacobovazquez
Improper file downloads in Apache Tapestry Moderate
CVE-2020-13953 was published for org.apache.tapestry:tapestry-core (Maven) Feb 10, 2022
Creation of Temporary File in Directory with Insecure Permissions in the OpenAPI Generator Maven plugin Moderate
CVE-2021-21429 was published for org.openapitools:openapi-generator-maven-plugin (Maven) Apr 29, 2021
JLLeitschuh
Files or Directories Accessible to External Parties in ether/logs High
CVE-2021-32752 was published for ether/logs (Composer) Jul 12, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database