Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,454
Erlang
33
GitHub Actions
22
Go
2,153
Maven
5,000+
npm
3,818
NuGet
693
pip
3,492
Pub
12
RubyGems
902
Rust
903
Swift
38
Unreviewed advisories
All unreviewed
5,000+

312 advisories

Loading
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary... High Unreviewed
CVE-2022-0244 was published Jan 19, 2022
In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download... Moderate Unreviewed
CVE-2021-44983 was published Feb 9, 2022
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can... Moderate Unreviewed
CVE-2022-23316 was published Feb 9, 2022
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when... Moderate Unreviewed
CVE-2021-25004 was published Feb 8, 2022
In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of... Moderate Unreviewed
CVE-2022-24694 was published Feb 10, 2022
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during... High Unreviewed
CVE-2022-25299 was published Feb 19, 2022
HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via... High Unreviewed
CVE-2022-25104 was published Feb 25, 2022
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names... High Unreviewed
CVE-2022-25297 was published Feb 22, 2022
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an... High Unreviewed
CVE-2022-23377 was published Mar 2, 2022
The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin... Moderate Unreviewed
CVE-2022-4346 was published Jan 23, 2023
Information Exposure in Heketi High
CVE-2017-15104 was published for github.com/heketi/heketi (Go) Feb 15, 2022
A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how... High Unreviewed
CVE-2022-1117 was published Aug 29, 2022
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation... High Unreviewed
CVE-2021-4112 was published Aug 26, 2022
An access-control flaw was found in the OpenStack Orchestration (heat) service before 8.0.0, 6.1... Moderate Unreviewed
CVE-2017-2621 was published May 3, 2022
An accessibility flaw was found in the OpenStack Workflow (mistral) service where a service log... Moderate Unreviewed
CVE-2017-2622 was published May 13, 2022
redhat-certification does not properly restrict files that can be download through the /download... High Unreviewed
CVE-2018-10869 was published May 13, 2022
lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction... Moderate Unreviewed
CVE-2022-48094 was published Feb 1, 2023
Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the... High Unreviewed
CVE-2022-48161 was published Feb 1, 2023
CRMEB 4.4.4 is vulnerable to Any File download. High Unreviewed
CVE-2022-44343 was published Feb 6, 2023
The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user... High Unreviewed
CVE-2023-0331 was published Feb 27, 2023
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization,... High Unreviewed
CVE-2023-0822 was published Feb 17, 2023
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read... High Unreviewed
CVE-2023-22974 was published Feb 22, 2023
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the... High Unreviewed
CVE-2023-26948 was published Mar 9, 2023
Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows... High Unreviewed
CVE-2023-1246 was published Mar 10, 2023
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the... High Unreviewed
CVE-2023-26956 was published Mar 8, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database