GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,263
Erlang
31
GitHub Actions
21
Go
2,033
Maven
5,000+
npm
3,732
NuGet
662
pip
3,411
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
281 advisories
Filter by severity
Files or Directories Accessible to External Parties vulnerability in Honeywell PM43 on 32 bit,...
High
Unreviewed
CVE-2023-3712
was published
Sep 12, 2023
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002...
Moderate
Unreviewed
CVE-2023-4588
was published
Sep 6, 2023
A vulnerability was found in Dreamer CMS up to 4.1.3. It has been classified as problematic....
Low
Unreviewed
CVE-2023-4743
was published
Sep 4, 2023
Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local...
Moderate
Unreviewed
CVE-2023-41717
was published
Aug 31, 2023
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an...
Moderate
Unreviewed
CVE-2023-4475
was published
Aug 22, 2023
Insecure access control in ZKTeco BioTime v8.5.5 allows unauthenticated attackers to read...
High
Unreviewed
CVE-2023-38952
was published
Aug 4, 2023
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1...
High
Unreviewed
CVE-2023-38948
was published
Aug 3, 2023
In multiple Codesys products in multiple versions, after successful authentication as a user,...
Moderate
Unreviewed
CVE-2023-37551
was published
Aug 3, 2023
Sysaid - CWE-552: Files or Directories Accessible to External Parties -
Authenticated users...
Moderate
Unreviewed
CVE-2023-32226
was published
Jul 30, 2023
JavaScript pre-processing can be used by the attacker to gain access to the file system (read...
High
Unreviewed
CVE-2023-29450
was published
Jul 13, 2023
Apache InLong has Files or Directories Accessible to External Parties
High
CVE-2023-31064
was published
for
org.apache.inlong:manager-workflow
(Maven)
Jul 6, 2023
Apache InLong has Files or Directories Accessible to External Parties in Apache InLong
Critical
CVE-2023-31066
was published
for
org.apache.inlong:manager-service
(Maven)
Jul 6, 2023
A CWE-552 "Files or Directories Accessible to External Parties” in the web interface of the Tyan...
Moderate
Unreviewed
CVE-2023-2538
was published
Jul 5, 2023
A Directory Browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default...
Moderate
Unreviewed
CVE-2023-34834
was published
Jun 29, 2023
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the ...
High
Unreviewed
CVE-2023-36664
was published
Jun 26, 2023
An access issue was addressed with improved access restrictions. This issue is fixed in macOS...
Low
Unreviewed
CVE-2022-42834
was published
Jun 23, 2023
laravel-s vulnerable to Local File Inclusion
Critical
CVE-2023-29931
was published
for
hhxsv5/laravel-s
(Composer)
Jun 22, 2023
jfinal CMS 5.1.0 has an arbitrary file read vulnerability.
High
Unreviewed
CVE-2023-34645
was published
Jun 16, 2023
Guava vulnerable to insecure use of temporary directory
Moderate
CVE-2023-2976
was published
for
com.google.guava:guava
(Maven)
Jun 14, 2023
Dolibarr vulnerable to unauthenticated database access
High
CVE-2023-33568
was published
for
dolibarr/dolibarr
(Composer)
Jun 13, 2023
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Low
CVE-2023-32684
was published
for
github.com/lima-vm/lima
(Go)
May 31, 2023
A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some...
Moderate
Unreviewed
CVE-2023-2766
was published
May 17, 2023
The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate...
High
Unreviewed
CVE-2023-2180
was published
May 15, 2023
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1...
Moderate
Unreviewed
CVE-2023-29107
was published
May 9, 2023
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a...
High
Unreviewed
CVE-2023-28375
was published
Mar 28, 2023
ProTip!
Advisories are also available from the
GraphQL API