GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,030
Maven
5,000+
npm
3,732
NuGet
662
pip
3,409
Pub
12
RubyGems
891
Rust
865
Swift
36
Unreviewed advisories
All unreviewed
5,000+
281 advisories
Filter by severity
Arbitrary file read via window-open IPC in Electron
Moderate
CVE-2020-4075
was published
for
electron
(npm)
Jul 7, 2020
Unauthorized File Access in node-git-server
High
GHSA-cv3v-7846-6pxm
was published
for
node-git-server
(npm)
Sep 3, 2020
Exposure of .env if project root is configured as web root in shopware/production
Moderate
GHSA-3pcr-4982-548m
was published
for
shopware/production
(Composer)
Apr 13, 2021
Vulnerability allowing for reading internal HTTP resources
High
GHSA-hfwx-c7q6-g54c
was published
for
highcharts-export-server
(npm)
Mar 12, 2021
Unauthorized access through URL manipulation
High
GHSA-qrmm-w4v4-q7f8
was published
for
docassemble
(pip)
May 6, 2021
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function.
Moderate
Unreviewed
CVE-2022-25497
was published
Mar 16, 2022
XML External Entities Vulnerability in CVRF-CSAF-Converter
Moderate
CVE-2022-27193
was published
for
cvrf2csaf
(pip)
Mar 16, 2022
An information disclosure vulnerability exists due to a web server misconfiguration in the...
High
Unreviewed
CVE-2022-21236
was published
Jan 29, 2022
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer...
Moderate
Unreviewed
CVE-2022-24075
was published
Mar 18, 2022
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url...
High
Unreviewed
CVE-2022-26271
was published
Mar 29, 2022
Files or Directories Accessible to External Parties in Adminer
High
CVE-2021-43008
was published
for
vrana/adminer
(Composer)
Apr 6, 2022
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure...
High
Unreviewed
CVE-2022-28002
was published
Apr 9, 2022
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick...
Moderate
Unreviewed
CVE-2022-26877
was published
Apr 10, 2022
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background...
Moderate
Unreviewed
CVE-2022-28445
was published
Apr 22, 2022
Arbitrary file read in ginadmin
High
CVE-2022-30428
was published
for
github.com/gphper/ginadmin
(Go)
May 26, 2022
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter...
High
Unreviewed
CVE-2022-0656
was published
Apr 26, 2022
Docker Desktop 4.3.0 has Incorrect Access Control.
High
Unreviewed
CVE-2021-44719
was published
May 26, 2022
It has been discovered that redhat-certification is not properly configured and it lists all...
High
Unreviewed
CVE-2018-10863
was published
May 24, 2022
It has been discovered that redhat-certification does not restrict file access in the /update...
Critical
Unreviewed
CVE-2018-10867
was published
May 24, 2022
In multiple CODESYS products, file download and upload function allows access to internal files...
High
Unreviewed
CVE-2022-32143
was published
Jun 25, 2022
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded...
Moderate
Unreviewed
CVE-2022-2222
was published
Jul 18, 2022
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of...
High
Unreviewed
CVE-2022-24138
was published
Jul 7, 2022
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers...
Moderate
Unreviewed
CVE-2022-34049
was published
Jul 21, 2022
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root...
Moderate
Unreviewed
CVE-2021-40149
was published
Jul 18, 2022
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local...
Low
Unreviewed
CVE-2022-33686
was published
Jul 13, 2022
ProTip!
Advisories are also available from the
GraphQL API