Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
49
GitHub Actions
49
Go
3,479
Maven
5,000+
npm
5,000+
NuGet
886
pip
4,740
Pub
13
RubyGems
1,031
Rust
1,225
Swift
53
Unreviewed advisories
All unreviewed
5,000+

393 advisories

Loading
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url... High Unreviewed
CVE-2022-26271 was published Mar 29, 2022
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer... Moderate Unreviewed
CVE-2022-24075 was published Mar 18, 2022
XML External Entities Vulnerability in CVRF-CSAF-Converter Moderate
CVE-2022-27193 was published for cvrf2csaf (pip) Mar 16, 2022
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. Moderate Unreviewed
CVE-2022-25497 was published Mar 16, 2022
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an... High Unreviewed
CVE-2022-23377 was published Mar 2, 2022
HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via... High Unreviewed
CVE-2022-25104 was published Feb 25, 2022
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names... High Unreviewed
CVE-2022-25297 was published Feb 22, 2022
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during... High Unreviewed
CVE-2022-25299 was published Feb 19, 2022
Information Exposure in Heketi High
CVE-2017-15104 was published for github.com/heketi/heketi (Go) Feb 15, 2022
Improper file downloads in Apache Tapestry Moderate
CVE-2020-13953 was published for org.apache.tapestry:tapestry-core (Maven) Feb 10, 2022
In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of... Moderate Unreviewed
CVE-2022-24694 was published Feb 10, 2022
Missing authorization in xwiki-platform Moderate
CVE-2022-23621 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Feb 9, 2022
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can... Moderate Unreviewed
CVE-2022-23316 was published Feb 9, 2022
In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download... Moderate Unreviewed
CVE-2021-44983 was published Feb 9, 2022
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and... Moderate Unreviewed
CVE-2021-24947 was published Feb 8, 2022
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when... Moderate Unreviewed
CVE-2021-25004 was published Feb 8, 2022
An information disclosure vulnerability exists due to a web server misconfiguration in the... High Unreviewed
CVE-2022-21236 was published Jan 29, 2022
An issue has been discovered in GitLab CE/EE affecting all versions starting with 14.5. Arbitrary... High Unreviewed
CVE-2022-0244 was published Jan 19, 2022
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1... Low Unreviewed
CVE-2022-22267 was published Jan 11, 2022
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically... Moderate Unreviewed
CVE-2022-22268 was published Jan 11, 2022
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1... Low Unreviewed
CVE-2022-22269 was published Jan 11, 2022
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows... Moderate Unreviewed
CVE-2022-22270 was published Jan 11, 2022
In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which... High Unreviewed
CVE-2021-44315 was published Dec 17, 2021
Files Accessible to External Parties in Opencast Critical
CVE-2021-43821 was published for org.opencastproject:opencast-ingest-service-impl (Maven) Dec 14, 2021
gregorydlogan Credited to gregorydlogan
A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote... Moderate Unreviewed
CVE-2021-31850 was published Dec 9, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database