Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

143 advisories

Loading
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated... Critical Unreviewed
CVE-2022-24119 was published Dec 26, 2022
An iframe that was not permitted to run scripts could do so if the user clicked on a <code... High Unreviewed
CVE-2022-34468 was published Dec 22, 2022
Markdownify subject to Remote Code Execution via malicious markdown file High
CVE-2022-41709 was published for electron-markdownify (npm) Oct 19, 2022
A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos... High Unreviewed
CVE-2022-22246 was published Oct 18, 2022
The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user... Moderate Unreviewed
CVE-2022-37191 was published Sep 14, 2022
Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the... High Unreviewed
CVE-2022-34121 was published Jul 28, 2022
Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64... High Unreviewed
CVE-2022-33317 was published Jul 21, 2022
Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated... High Unreviewed
CVE-2022-30244 was published Jul 16, 2022
Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from... High Unreviewed
CVE-2022-30243 was published Jul 16, 2022
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1... Low Unreviewed
CVE-2022-33701 was published Jul 13, 2022
In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the... High Unreviewed
CVE-2021-41037 was published Jul 9, 2022
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This... High Unreviewed
CVE-2021-4229 was published May 25, 2022
Magento remote code execution vulnerability High
CVE-2019-8154 was published for magento/community-edition (Composer) May 24, 2022
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier,... Moderate Unreviewed
CVE-2021-20843 was published May 24, 2022
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included... High Unreviewed
CVE-2021-41569 was published May 24, 2022
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and... Critical Unreviewed
CVE-2020-16152 was published May 24, 2022
In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the... High Unreviewed
CVE-2021-33626 was published May 24, 2022
The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the... High Unreviewed
CVE-2021-38360 was published May 24, 2022
NVIDIA DCGM contains a vulnerability in the DIAG module where any user can inject shared... High Unreviewed
CVE-2021-34398 was published May 24, 2022
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of... Critical Unreviewed
CVE-2021-21804 was published May 24, 2022
iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged... High Unreviewed
CVE-2021-34692 was published May 24, 2022
Local file inclusion exists in Kaseya VSA before 9.5.6. High Unreviewed
CVE-2021-30121 was published May 24, 2022
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5... Moderate Unreviewed
CVE-2021-29777 was published May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience... Moderate Unreviewed
CVE-2021-31927 was published May 24, 2022
Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212... High Unreviewed
CVE-2021-30507 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database