Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,636
Maven
5,000+
npm
4,262
NuGet
760
pip
4,057
Pub
12
RubyGems
956
Rust
1,054
Swift
45
Unreviewed advisories
All unreviewed
5,000+

142 advisories

Loading
MyBB Group MyBB contains a File Inclusion vulnerability in Admin panel (Tools and Maintenance ->... High Unreviewed
CVE-2018-1000502 was published May 13, 2022
The cache directory on the local file system is set to be world writable. Firefox defaults to... Critical Unreviewed
CVE-2017-5397 was published May 13, 2022
A flaw in the IBM J9 VM class verifier allows untrusted code to disable the security manager and... Critical Unreviewed
CVE-2017-1376 was published May 13, 2022
A vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could... High Unreviewed
CVE-2017-14095 was published May 13, 2022
A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos... High Unreviewed
CVE-2022-22246 was published Oct 18, 2022
Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console... Critical Unreviewed
CVE-2018-17246 was published May 13, 2022
An exposed dangerous function vulnerability exists in Ivanti Avalanche before 6.3.3 allows an... High Unreviewed
CVE-2021-42133 was published Dec 8, 2021
Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4 Moderate
CVE-2021-26272 was published for ckeditor4 (npm) Oct 13, 2021
An information disclosure vulnerability exists when affected Microsoft browsers improperly allow... Moderate Unreviewed
CVE-2018-8351 was published May 13, 2022
Command Injection in @theia/messages Moderate
CVE-2021-28162 was published for @theia/messages (npm) May 10, 2021
Server-Side Request Forgery and Inclusion of Functionality from Untrusted Control Sphere in jsreport High
CVE-2020-8128 was published for jsreport (npm) Apr 13, 2021
Maccms 10 allows remote attackers to execute arbitrary PHP code by entering this code in a... High Unreviewed
CVE-2019-9829 was published May 13, 2022
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an... Moderate Unreviewed
CVE-2022-29845 was published May 12, 2022
CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts... High Unreviewed
CVE-2022-25486 was published Mar 16, 2022
The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and... Critical Unreviewed
CVE-2020-16152 was published May 24, 2022
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier,... Moderate Unreviewed
CVE-2021-20843 was published May 24, 2022
SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included... High Unreviewed
CVE-2021-41569 was published May 24, 2022
The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the... High Unreviewed
CVE-2021-38360 was published May 24, 2022
NVIDIA DCGM contains a vulnerability in the DIAG module where any user can inject shared... High Unreviewed
CVE-2021-34398 was published May 24, 2022
A local file inclusion (LFI) vulnerability exists in the options.php script functionality of... Critical Unreviewed
CVE-2021-21804 was published May 24, 2022
iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged... High Unreviewed
CVE-2021-34692 was published May 24, 2022
Local file inclusion exists in Kaseya VSA before 9.5.6. High Unreviewed
CVE-2021-30121 was published May 24, 2022
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5... Moderate Unreviewed
CVE-2021-29777 was published May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience... Moderate Unreviewed
CVE-2021-31927 was published May 24, 2022
Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212... High Unreviewed
CVE-2021-30507 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database