GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 23,835
Composer 4,870
Erlang 36
GitHub Actions 36
Go 2,493
Maven 5,926
npm 4,126
NuGet 735
pip 3,943
Pub 12
RubyGems 945
Rust 1,021
Swift 39

Unreviewed advisories

All unreviewed 269,159

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

63 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of... Critical Unreviewed

CVE-2022-30258 was published Nov 22, 2022

An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of... Critical Unreviewed

CVE-2022-30257 was published Nov 22, 2022

Allows a remote user to read files on the camera's OS "GetFileContent.cgi". Reading arbitrary... Moderate Unreviewed

CVE-2022-30621 was published Jul 19, 2022

A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when... High Unreviewed

CVE-2022-27778 was published Jun 3, 2022

The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR)... Moderate Unreviewed

CVE-2021-37215 was published May 24, 2022

The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.... Moderate Unreviewed

CVE-2021-37213 was published May 24, 2022

Zoho ManageEngine ADSelfService Plus version 6113 and prior is vulnerable to REST API... Critical Unreviewed

CVE-2021-40539 was published May 24, 2022

The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.... Moderate Unreviewed

CVE-2021-37212 was published May 24, 2022

The employee management page of Flygo contains Insecure Direct Object Reference (IDOR)... High Unreviewed

CVE-2021-37214 was published May 24, 2022

libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse,... High Unreviewed

CVE-2021-22924 was published May 24, 2022

CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink()... Critical Unreviewed

CVE-2021-37144 was published May 24, 2022

Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object... Moderate Unreviewed

CVE-2021-35337 was published May 24, 2022

Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations,... Moderate Unreviewed

CVE-2021-32054 was published May 24, 2022

The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the... Moderate Unreviewed

CVE-2020-4719 was published May 24, 2022

An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An... Moderate Unreviewed

CVE-2020-35566 was published May 24, 2022

MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10... High Unreviewed

CVE-2020-15505 was published May 24, 2022

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles... High Unreviewed

CVE-2020-12278 was published May 24, 2022

An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles... High Unreviewed

CVE-2020-12279 was published May 24, 2022

An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't... Critical Unreviewed

CVE-2020-10574 was published May 24, 2022

The Java API in Generalitat de Catalunya accesuniversitat.gencat.cat 1.7.5 allows remote... Moderate Unreviewed

CVE-2019-12837 was published May 24, 2022

A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This... High Unreviewed

CVE-2019-17575 was published May 24, 2022

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a... Moderate Unreviewed

CVE-2019-0220 was published May 24, 2022

EnvoyProxy Envoy Missing HTTP URL path normalization Critical

CVE-2019-9901 was published for github.com/envoyproxy/envoy (Go) May 24, 2022

Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company... Moderate Unreviewed

CVE-2022-29448 was published May 21, 2022

Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow... High Unreviewed

CVE-2022-29445 was published May 19, 2022

Previous 123 Next

Previous 1 2 3 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

63 advisories