Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

354 advisories

Loading
lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction... Moderate Unreviewed
CVE-2022-48094 was published Feb 1, 2023
Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the... High Unreviewed
CVE-2022-48161 was published Feb 1, 2023
The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin... Moderate Unreviewed
CVE-2022-4346 was published Jan 23, 2023
OpenStack Swift XML external entities (XXE) Injection Moderate
CVE-2022-47950 was published for swift (pip) Jan 18, 2023
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0... Moderate Unreviewed
CVE-2022-45440 was published Jan 17, 2023
GitOps Run allows for Kubernetes workload injection High
CVE-2022-23508 was published for github.com/weaveworks/weave-gitops (Go) Jan 9, 2023
pjbgf
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient... Moderate Unreviewed
CVE-2022-45052 was published Jan 4, 2023
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it... High Unreviewed
CVE-2022-4140 was published Jan 3, 2023
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it... Moderate Unreviewed
CVE-2022-4236 was published Jan 3, 2023
Some Dahua software products have a vulnerability of unrestricted download of file. After... Moderate Unreviewed
CVE-2022-45426 was published Dec 27, 2022
The sourceMapURL feature in devtools was missing security checks that would have allowed a... Moderate Unreviewed
CVE-2022-28283 was published Dec 22, 2022
The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input... Moderate Unreviewed
CVE-2022-4108 was published Dec 19, 2022
The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation... High Unreviewed
CVE-2022-4106 was published Dec 19, 2022
The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https:... High Unreviewed
CVE-2022-45227 was published Dec 12, 2022
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030... High Unreviewed
CVE-2022-44356 was published Nov 29, 2022
The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive... High Unreviewed
CVE-2022-3691 was published Nov 21, 2022
Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. High Unreviewed
CVE-2022-44583 was published Nov 19, 2022
Payara, when deployed to the root context, allows attackers to visit META-INF and WEB-INF High
CVE-2022-45129 was published for fish.payara.distributions:payara (Maven) Nov 10, 2022
tstoney-exiger
OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via... Moderate Unreviewed
CVE-2022-43449 was published Nov 4, 2022
Markdownify has Files or Directories Accessible to External Parties Moderate
CVE-2022-41710 was published for electron-markdownify (npm) Nov 4, 2022
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an... Moderate Unreviewed
CVE-2022-23738 was published Nov 1, 2022
Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows... Moderate Unreviewed
CVE-2022-37424 was published Oct 28, 2022
Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure Moderate
CVE-2022-43414 was published for org.jenkins-ci.plugins:nunit (Maven) Oct 19, 2022
The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly... Moderate Unreviewed
CVE-2022-2834 was published Oct 17, 2022
There is a file inclusion vulnerability in the template management module in UCMS 1.6 High Unreviewed
CVE-2022-42234 was published Oct 14, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database