Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
37
GitHub Actions
36
Go
2,500
Maven
5,000+
npm
4,147
NuGet
735
pip
3,948
Pub
12
RubyGems
945
Rust
1,025
Swift
39
Unreviewed advisories
All unreviewed
5,000+

354 advisories

Loading
JavaScript pre-processing can be used by the attacker to gain access to the file system (read... High Unreviewed
CVE-2023-29450 was published Jul 13, 2023
Sysaid - CWE-552: Files or Directories Accessible to External Parties -  Authenticated users... Moderate Unreviewed
CVE-2023-32226 was published Jul 30, 2023
In multiple Codesys products in multiple versions, after successful authentication as a user,... Moderate Unreviewed
CVE-2023-37551 was published Aug 3, 2023
An arbitrary file download vulnerability in the /c/PluginsController.php component of jizhi CMS 1... High Unreviewed
CVE-2023-38948 was published Aug 3, 2023
An Arbitrary File Movement vulnerability was found in ASUSTOR Data Master (ADM) allows an... Moderate Unreviewed
CVE-2023-4475 was published Aug 22, 2023
File accessibility vulnerability in Delinea Secret Server, in its v10.9.000002 and v11.4.000002... Moderate Unreviewed
CVE-2023-4588 was published Sep 6, 2023
Dreamer CMS v4.1.3 was discovered to contain an arbitrary file read vulnerability via the... High Unreviewed
CVE-2023-43856 was published Sep 27, 2023
Files or Directories Accessible to External Parties in RDT400 in SICK APU allows an unprivileged... Moderate Unreviewed
CVE-2023-5101 was published Oct 9, 2023
The WordPress Gallery Plugin WordPress plugin before 3.39 is vulnerable to Arbitrary File Read... High Unreviewed
CVE-2023-3155 was published Oct 16, 2023
A vulnerability in the API subsystem of Cisco Unified Contact Center Express (Unified CCX) could... High Unreviewed
CVE-2020-3267 was published May 24, 2022
Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local... Moderate Unreviewed
CVE-2023-41717 was published Aug 31, 2023
carRental 1.0 is vulnerable to Incorrect Access Control (Arbitrary File Read on the Back-end... High Unreviewed
CVE-2023-33517 was published Oct 24, 2023
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2024-21403 was published Feb 13, 2024
Drupal core access bypass vulnerability Moderate
CVE-2017-6922 was published for drupal/core (Composer) May 13, 2022
Softing Secure Integration Server OPC UA Gateway Directory Creation Vulnerability. This... Moderate Unreviewed
CVE-2023-39479 was published May 3, 2024
Softing Secure Integration Server FileDirectory OPC UA Object Arbitrary File Creation... Moderate Unreviewed
CVE-2023-39480 was published May 3, 2024
Pterodactyl Wings vulnerable to Arbitrary File Write/Read High
CVE-2024-34066 was published for github.com/pterodactyl/wings (Go) May 3, 2024
TrixterTheTux matthewpi
Scrapy allows redirect following in protocols other than HTTP Moderate
GHSA-23j4-mw76-5v7h was published for Scrapy (pip) May 14, 2024
wolfictl leaks GitHub tokens to remote non-GitHub git servers Moderate
CVE-2024-35183 was published for github.com/wolfi-dev/wolfictl (Go) May 15, 2024
luhring
Path Traversal in Apache Flink High
CVE-2020-17519 was published for org.apache.flink:flink-runtime_2.11 (Maven) Jan 6, 2021
stephanmiehe
A vulnerability was found in Casdoor up to 1.335.0. It has been classified as problematic.... Moderate Unreviewed
CVE-2024-5587 was published Jun 2, 2024
CWE-552: Files or Directories Accessible to External Parties vulnerability exists which may... Moderate Unreviewed
CVE-2024-5056 was published Jun 12, 2024
Files or Directories Accessible to External Parties in ProjectDiscovery Critical
CVE-2024-5262 was published for github.com/projectdiscovery/interactsh (Go) Jun 5, 2024
Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25... High Unreviewed
CVE-2024-4836 was published Jul 2, 2024
Matrix Tafnit v8 -  CWE-552: Files or Directories Accessible to External Parties High Unreviewed
CVE-2024-38429 was published Jul 30, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database