Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,894
Erlang
38
GitHub Actions
38
Go
2,556
Maven
5,000+
npm
4,228
NuGet
747
pip
4,000
Pub
12
RubyGems
953
Rust
1,041
Swift
45
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

138 advisories

Loading
A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access... High Unreviewed
CVE-2020-22124 was published May 24, 2022
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files. High Unreviewed
CVE-2021-38711 was published May 24, 2022
Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation... High Unreviewed
CVE-2021-37348 was published May 24, 2022
Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control... High Unreviewed
CVE-2021-36276 was published May 24, 2022
In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. High Unreviewed
CVE-2021-36763 was published May 24, 2022
A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an... High Unreviewed
CVE-2021-33359 was published May 24, 2022
Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4... High Unreviewed
CVE-2021-31831 was published May 24, 2022
It has been discovered that redhat-certification is not properly configured and it lists all... High Unreviewed
CVE-2018-10863 was published May 24, 2022
In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and... High Unreviewed
CVE-2021-29024 was published May 24, 2022
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape... High Unreviewed
CVE-2021-20253 was published May 24, 2022
An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection... High Unreviewed
CVE-2020-26549 was published May 24, 2022
A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could... High Unreviewed
CVE-2020-3267 was published May 24, 2022
Information Exposure vulnerability in eXtplorer makes the /usr/ and /etc/extplorer/ system... High Unreviewed
CVE-2019-7305 was published May 24, 2022
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the... High Unreviewed
CVE-2020-3927 was published May 24, 2022
An arbitrary-file-access vulnerability exists in ServiSign security plugin, as long as the... High Unreviewed
CVE-2020-3926 was published May 24, 2022
** DISPUTED ** The MSI installer for Python through 2.7.16 on Windows defaults to the C:\Python27... High Unreviewed
CVE-2019-13404 was published May 24, 2022
Authenticated (administrator or higher user role) Local File Inclusion (LFI) vulnerability in Wow... High Unreviewed
CVE-2022-29447 was published May 21, 2022
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow... High Unreviewed
CVE-2022-29446 was published May 20, 2022
Vulnerability in Wordpress plugin BackWPup before v3.4.2 allows possible brute forcing of backup... High Unreviewed
CVE-2017-2551 was published May 17, 2022
In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2,... High Unreviewed
CVE-2018-9587 was published May 13, 2022
Development Tools panels of an extension are required to load URLs for the panels as relative... High Unreviewed
CVE-2018-5112 was published May 13, 2022
LG LNB*, LND*, LNU*, and LNV* smart network camera devices have broken access control. Attackers... High Unreviewed
CVE-2018-16946 was published May 13, 2022
Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which... High Unreviewed
CVE-2017-11746 was published May 13, 2022
Files or directories accessible to external parties vulnerability in picasa.php in Synology Photo... High Unreviewed
CVE-2017-12079 was published May 13, 2022
redhat-certification does not properly restrict files that can be download through the /download... High Unreviewed
CVE-2018-10869 was published May 13, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database