Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

142 advisories

Loading
A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace... Moderate Unreviewed
CVE-2019-16951 was published May 24, 2022
A same-origin policy violation occurs allowing the theft of cross-origin images through a... Moderate Unreviewed
CVE-2019-11742 was published May 24, 2022
ruby193 uses an insecure LD_LIBRARY_PATH setting. Low Unreviewed
CVE-2013-1945 was published May 5, 2022
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and ... High Unreviewed
CVE-2004-0030 was published Apr 29, 2022
Magento remote code execution vulnerability High
CVE-2019-8154 was published for magento/community-edition (Composer) May 24, 2022
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php High
CVE-2024-24821 was published for composer/composer (Composer) Feb 8, 2024
edonsec
Credited to edonsec
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2)... High Unreviewed
CVE-2004-0285 was published Apr 29, 2022
PHPMailer untrusted code may be run from an overridden address validator High
CVE-2021-3603 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
0xcrypto
Credited to 0xcrypto
Breaking unlinkability in Identity Mixer using malicious keys Low
CVE-2022-31021 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0... High Unreviewed
CVE-2023-6971 was published Dec 23, 2023
A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6... High Unreviewed
CVE-2023-4591 was published Nov 3, 2023
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation... Critical Unreviewed
CVE-2023-45798 was published Oct 30, 2023
PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1. High Unreviewed
CVE-2023-2551 was published May 5, 2023
Unintended Require in larvitbase-api High
CVE-2019-5479 was published for larvitbase-api (npm) Sep 11, 2019
paranoid2 gem Code backdoor Critical
CVE-2019-13589 was published for paranoid2 (RubyGems) Jul 16, 2019
Embedded malware in ua-parser-js High
GHSA-pjwm-rvh2-c87w was published for ua-parser-js (npm) Oct 22, 2021
xtqqczze
Credited to xtqqczze
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1... Low Unreviewed
CVE-2022-33701 was published Jul 13, 2022
Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential... High Unreviewed
CVE-2022-41216 was published Feb 22, 2023
XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows... High Unreviewed
CVE-2022-30037 was published Mar 23, 2023
Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1... Moderate Unreviewed
CVE-2023-21440 was published Feb 9, 2023
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access... Moderate Unreviewed
CVE-2019-4263 was published May 24, 2022
A local file inclusion in Hospital Patient Record Management System v1.0 allows attackers to... High Unreviewed
CVE-2022-24232 was published Feb 25, 2022
Eclipse Vorto resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS High
CVE-2019-10248 was published for org.eclipse.vorto:org.eclipse.vorto.core (Maven) May 24, 2022
playSMS through 1.4.2 allows Privilege Escalation through Daemon abuse. High Unreviewed
CVE-2018-18387 was published May 13, 2022
An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated... Critical Unreviewed
CVE-2018-15486 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database