Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,698
Maven
5,000+
npm
4,325
NuGet
761
pip
4,099
Pub
12
RubyGems
958
Rust
1,063
Swift
45
Unreviewed advisories
All unreviewed
5,000+

171 advisories

Loading
The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate... High Unreviewed
CVE-2023-2180 was published May 15, 2023
GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup... High Unreviewed
CVE-2023-27180 was published Apr 7, 2023
The Shopping Cart & eCommerce Store WordPress plugin before 5.4.3 does not validate HTTP requests... High Unreviewed
CVE-2023-1124 was published Apr 3, 2023
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a... High Unreviewed
CVE-2023-28375 was published Mar 28, 2023
Stimulsoft Designer (Web) 2023.1.3 is vulnerable to Local File Inclusion. High Unreviewed
CVE-2023-25260 was published Mar 28, 2023
amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion. High Unreviewed
CVE-2023-23330 was published Mar 28, 2023
Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows... High Unreviewed
CVE-2023-1246 was published Mar 10, 2023
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the... High Unreviewed
CVE-2023-26948 was published Mar 9, 2023
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the... High Unreviewed
CVE-2023-26956 was published Mar 8, 2023
The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user... High Unreviewed
CVE-2023-0331 was published Feb 27, 2023
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read... High Unreviewed
CVE-2023-22974 was published Feb 22, 2023
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization,... High Unreviewed
CVE-2023-0822 was published Feb 17, 2023
CRMEB 4.4.4 is vulnerable to Any File download. High Unreviewed
CVE-2022-44343 was published Feb 6, 2023
Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the... High Unreviewed
CVE-2022-48161 was published Feb 1, 2023
GitOps Run allows for Kubernetes workload injection High
CVE-2022-23508 was published for github.com/weaveworks/weave-gitops (Go) Jan 9, 2023
pjbgf
Credited to pjbgf
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it... High Unreviewed
CVE-2022-4140 was published Jan 3, 2023
The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation... High Unreviewed
CVE-2022-4106 was published Dec 19, 2022
The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https:... High Unreviewed
CVE-2022-45227 was published Dec 12, 2022
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030... High Unreviewed
CVE-2022-44356 was published Nov 29, 2022
The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive... High Unreviewed
CVE-2022-3691 was published Nov 21, 2022
Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. High Unreviewed
CVE-2022-44583 was published Nov 19, 2022
Payara, when deployed to the root context, allows attackers to visit META-INF and WEB-INF High
CVE-2022-45129 was published for fish.payara.distributions:payara (Maven) Nov 10, 2022
tstoney-exiger
Credited to tstoney-exiger
There is a file inclusion vulnerability in the template management module in UCMS 1.6 High Unreviewed
CVE-2022-42234 was published Oct 14, 2022
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows... High Unreviewed
CVE-2022-40126 was published Sep 30, 2022
Dompdf allows remote file inclusion because URI validation failure does not halt font registration High
CVE-2022-41343 was published for dompdf/dompdf (Composer) Sep 26, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database