GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
102 advisories
Filter by severity
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
Moderate
Unreviewed
CVE-2022-25497
was published
Mar 16, 2022
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer...
Moderate
Unreviewed
CVE-2022-24075
was published
Mar 18, 2022
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick...
Moderate
Unreviewed
CVE-2022-26877
was published
Apr 10, 2022
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background...
Moderate
Unreviewed
CVE-2022-28445
was published
Apr 22, 2022
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded...
Moderate
Unreviewed
CVE-2022-2222
was published
Jul 18, 2022
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers...
Moderate
Unreviewed
CVE-2022-34049
was published
Jul 21, 2022
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root...
Moderate
Unreviewed
CVE-2021-40149
was published
Jul 18, 2022
cmseasy V7.7.5_20211012 is affected by an arbitrary file read vulnerability. After login, the...
Moderate
Unreviewed
CVE-2021-42644
was published
May 18, 2022
OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via...
Moderate
Unreviewed
CVE-2022-43449
was published
Nov 4, 2022
The WP Database Backup plugin through 5.5 for WordPress stores downloads by default locally in...
Moderate
Unreviewed
CVE-2020-7241
was published
May 24, 2022
Some Dahua software products have a vulnerability of unrestricted download of file. After...
Moderate
Unreviewed
CVE-2022-45426
was published
Dec 27, 2022
A vulnerability has been identified in OZW672 (All versions < V10.00), OZW772 (All versions < V10...
Moderate
Unreviewed
CVE-2019-13941
was published
May 24, 2022
Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment...
Moderate
Unreviewed
CVE-2020-26182
was published
May 24, 2022
A local file inclusion vulnerability in B&R SiteManager versions <9.2.620236042 allows...
Moderate
Unreviewed
CVE-2020-11641
was published
May 24, 2022
Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior...
Moderate
Unreviewed
CVE-2020-1908
was published
May 24, 2022
The local file inclusion vulnerability present in B&R SiteManager versions <9.2.620236042 allows...
Moderate
Unreviewed
CVE-2020-11642
was published
May 24, 2022
Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability....
Moderate
Unreviewed
CVE-2020-26183
was published
May 24, 2022
Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows...
Moderate
Unreviewed
CVE-2020-27368
was published
May 24, 2022
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated...
Moderate
Unreviewed
CVE-2022-3287
was published
Sep 29, 2022
The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before...
Moderate
Unreviewed
CVE-2021-24154
was published
May 24, 2022
It has been discovered in redhat-certification that any unauthorized user may download any file...
Moderate
Unreviewed
CVE-2019-3897
was published
May 24, 2022
A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local...
Moderate
Unreviewed
CVE-2021-1434
was published
May 24, 2022
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and...
Moderate
Unreviewed
CVE-2021-24947
was published
Feb 8, 2022
If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected...
Moderate
Unreviewed
CVE-2021-29969
was published
May 24, 2022
An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This...
Moderate
Unreviewed
CVE-2020-25351
was published
May 24, 2022
ProTip!
Advisories are also available from the
GraphQL API