Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

354 advisories

Loading
The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded... Moderate Unreviewed
CVE-2022-2981 was published Oct 11, 2022
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows... High Unreviewed
CVE-2022-40126 was published Sep 30, 2022
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated... Moderate Unreviewed
CVE-2022-3287 was published Sep 29, 2022
Dompdf allows remote file inclusion because URI validation failure does not halt font registration High
CVE-2022-41343 was published for dompdf/dompdf (Composer) Sep 26, 2022
Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi... High Unreviewed
CVE-2022-36552 was published Aug 31, 2022
A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how... High Unreviewed
CVE-2022-1117 was published Aug 29, 2022
Keycloak has Files or Directories Accessible to External Parties Moderate
CVE-2021-3856 was published for org.keycloak:keycloak-core (Maven) Aug 27, 2022
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation... High Unreviewed
CVE-2021-4112 was published Aug 26, 2022
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak... High Unreviewed
CVE-2021-3800 was published Aug 24, 2022
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file... Moderate Unreviewed
CVE-2022-2392 was published Aug 23, 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain... Moderate Unreviewed
CVE-2022-22490 was published Aug 11, 2022
The WSM Downloader WordPress plugin through 1.4.0 allows any visitor to use its remote file... High Unreviewed
CVE-2022-2357 was published Aug 9, 2022
The Project Source Code Download WordPress plugin through 1.0.0 does not protect its backup... High Unreviewed
CVE-2022-1585 was published Aug 2, 2022
Trend Micro VPN Proxy Pro version 5.2.1026 and below contains a vulnerability involving some... High Unreviewed
CVE-2022-33158 was published Jul 31, 2022
Unauthenticated Arbitrary File Read vulnerability in MultiSafepay plugin for WooCommerce plugin <... High Unreviewed
CVE-2022-33901 was published Jul 23, 2022
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers... Moderate Unreviewed
CVE-2022-34049 was published Jul 21, 2022
The Download Monitor WordPress plugin before 4.5.91 does not ensure that files to be downloaded... Moderate Unreviewed
CVE-2022-2222 was published Jul 18, 2022
The web server of the E1 Zoom camera through 3.0.0.716 discloses its SSL private key via the root... Moderate Unreviewed
CVE-2021-40149 was published Jul 18, 2022
The web server of the E1 Zoom camera through 3.0.0.716 discloses its configuration via the /conf/... High Unreviewed
CVE-2021-40150 was published Jul 18, 2022
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local... Low Unreviewed
CVE-2022-33686 was published Jul 13, 2022
IOBit Advanced System Care (Asc.exe) 15 and Action Download Center both download components of... High Unreviewed
CVE-2022-24138 was published Jul 7, 2022
In multiple CODESYS products, file download and upload function allows access to internal files... High Unreviewed
CVE-2022-32143 was published Jun 25, 2022
74cmsSE v3.5.1 was discovered to contain an arbitrary file read vulnerability via the component ... High Unreviewed
CVE-2022-29720 was published May 27, 2022
Arbitrary file read in ginadmin High
CVE-2022-30428 was published for github.com/gphper/ginadmin (Go) May 26, 2022
Docker Desktop 4.3.0 has Incorrect Access Control. High Unreviewed
CVE-2021-44719 was published May 26, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database