Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,300
Erlang
31
GitHub Actions
21
Go
2,065
Maven
5,000+
npm
3,744
NuGet
668
pip
3,427
Pub
12
RubyGems
892
Rust
877
Swift
36
Unreviewed advisories
All unreviewed
5,000+

285 advisories

Loading
An information disclosure vulnerability exists due to a web server misconfiguration in the... High Unreviewed
CVE-2022-21236 was published Jan 29, 2022
The SEUR Oficial WordPress plugin before 1.7.2 creates a PHP file with a random name when... Moderate Unreviewed
CVE-2021-25004 was published Feb 8, 2022
The RVM WordPress plugin before 6.4.2 does not have proper authorisation, CSRF checks and... Moderate Unreviewed
CVE-2021-24947 was published Feb 8, 2022
In taocms 3.0.1 after logging in to the background, there is an Arbitrary file download... Moderate Unreviewed
CVE-2021-44983 was published Feb 9, 2022
An issue was discovered in taoCMS v3.0.2. There is an arbitrary file read vulnerability that can... Moderate Unreviewed
CVE-2022-23316 was published Feb 9, 2022
Missing authorization in xwiki-platform Moderate
CVE-2022-23621 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Feb 9, 2022
In Mahara 20.10 before 20.10.4, 21.04 before 21.04.3, and 21.10 before 21.10.1, the names of... Moderate Unreviewed
CVE-2022-24694 was published Feb 10, 2022
Improper file downloads in Apache Tapestry Moderate
CVE-2020-13953 was published for org.apache.tapestry:tapestry-core (Maven) Feb 10, 2022
Information Exposure in Heketi High
CVE-2017-15104 was published for github.com/heketi/heketi (Go) Feb 15, 2022
This affects the package cesanta/mongoose before 7.6. The unsafe handling of file names during... High Unreviewed
CVE-2022-25299 was published Feb 19, 2022
This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names... High Unreviewed
CVE-2022-25297 was published Feb 22, 2022
HorizontCMS v1.0.0-beta.2 was discovered to contain an arbitrary file download vulnerability via... High Unreviewed
CVE-2022-25104 was published Feb 25, 2022
Archeevo below 5.0 is affected by local file inclusion through file=~/web.config to allow an... High Unreviewed
CVE-2022-23377 was published Mar 2, 2022
CuppaCMS v1.0 was discovered to contain an arbitrary file read via the copy function. Moderate Unreviewed
CVE-2022-25497 was published Mar 16, 2022
XML External Entities Vulnerability in CVRF-CSAF-Converter Moderate
CVE-2022-27193 was published for cvrf2csaf (pip) Mar 16, 2022
Whale browser before 3.12.129.18 allowed extensions to replace JavaScript files of the HWP viewer... Moderate Unreviewed
CVE-2022-24075 was published Mar 18, 2022
74cmsSE v3.4.1 was discovered to contain an arbitrary file read vulnerability via the $url... High Unreviewed
CVE-2022-26271 was published Mar 29, 2022
Files or Directories Accessible to External Parties in Adminer High
CVE-2021-43008 was published for vrana/adminer (Composer) Apr 6, 2022
Movie Seat Reservation v1 was discovered to contain an unauthenticated file disclosure... High Unreviewed
CVE-2022-28002 was published Apr 9, 2022
Asana Desktop before 1.6.0 allows remote attackers to exfiltrate local files if they can trick... Moderate Unreviewed
CVE-2022-26877 was published Apr 10, 2022
A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0)... High Unreviewed
CVE-2022-27837 was published Apr 12, 2022
KiteCMS v1.1.1 was discovered to contain an arbitrary file read vulnerability via the background... Moderate Unreviewed
CVE-2022-28445 was published Apr 22, 2022
The Web To Print Shop : uDraw WordPress plugin before 3.3.3 does not validate the url parameter... High Unreviewed
CVE-2022-0656 was published Apr 26, 2022
NEXTWEB (i)Site stores databases under the web document root with insufficient access control,... Moderate Unreviewed
CVE-2005-1835 was published May 1, 2022
Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access... Moderate Unreviewed
CVE-2009-3597 was published May 2, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database