Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

109 advisories

Loading
A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated... Moderate Unreviewed
CVE-2023-0008 was published May 10, 2023
External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0. High Unreviewed
CVE-2023-2554 was published May 5, 2023
Moodle External Control of File Name or Path vulnerability Moderate
CVE-2023-30943 was published for moodle/moodle (Composer) May 2, 2023
A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0... Moderate Unreviewed
CVE-2023-2152 was published Apr 18, 2023
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in... Moderate Unreviewed
CVE-2021-4332 was published Mar 7, 2023
Juju controller - Arbitrary file reading vulnerability Moderate
CVE-2023-0092 was published for github.com/juju/juju (Go) Mar 1, 2023
yhy0
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3. High Unreviewed
CVE-2023-1105 was published Mar 1, 2023
TeamPass External Control of File Name or Path vulnerability High
CVE-2023-1070 was published for nilsteampassnet/teampass (Composer) Feb 27, 2023
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an... Moderate Unreviewed
CVE-2023-0003 was published Feb 8, 2023
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation... High Unreviewed
CVE-2022-43513 was published Jan 10, 2023
A vulnerability, which was classified as problematic, has been found in sternenseemann... Critical Unreviewed
CVE-2014-125059 was published Jan 7, 2023
A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This... Critical Unreviewed
CVE-2014-125044 was published Jan 5, 2023
Yapscan's report receiver server vulnerable to path traversal and log injection High
GHSA-9h6h-9g78-86f7 was published for github.com/fkie-cad/yapscan (Go) Dec 29, 2022
tdunlap607
Cortex's Alertmanager can expose local files content via specially crafted config Moderate
CVE-2022-23536 was published for github.com/cortexproject/cortex (Go) Dec 19, 2022
aus
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up... High Unreviewed
CVE-2022-2431 was published Sep 7, 2022
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary... Moderate Unreviewed
CVE-2022-2943 was published Sep 7, 2022
The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be... Moderate Unreviewed
CVE-2022-2638 was published Aug 29, 2022
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of... Moderate Unreviewed
CVE-2022-32761 was published Aug 23, 2022
An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6... Moderate Unreviewed
CVE-2022-28710 was published Aug 23, 2022
Dompdf before v2.0.0 vulnerable to chroot check bypass Moderate
CVE-2022-2400 was published for dompdf/dompdf (Composer) Jul 19, 2022
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of... Moderate Unreviewed
CVE-2022-34765 was published Jul 14, 2022
There are multiple API function codes that permit reading and writing data to or from files and... Critical Unreviewed
CVE-2021-38477 was published May 24, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on... Moderate Unreviewed
CVE-2021-27250 was published May 24, 2022
ingress-nginx component for Kubernetes allows file overwrite Moderate
CVE-2020-8553 was published for k8s.io/ingress-nginx (Go) May 24, 2022
The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported... Moderate Unreviewed
CVE-2022-0246 was published Apr 12, 2022
ProTip! Advisories are also available from the GraphQL API