GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,262
Erlang
31
GitHub Actions
21
Go
2,024
Maven
5,000+
npm
3,731
NuGet
662
pip
3,407
Pub
12
RubyGems
891
Rust
864
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
48 advisories
Filter by severity
A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and...
Moderate
Unreviewed
CVE-2021-36190
was published
Dec 9, 2021
Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful...
Moderate
Unreviewed
CVE-2021-37112
was published
Jan 4, 2022
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar...
Moderate
Unreviewed
CVE-2022-0377
was published
Mar 1, 2022
In Gallery, there is a possible permission bypass due to a confused deputy. This could lead to...
Moderate
Unreviewed
CVE-2021-39765
was published
Mar 31, 2022
An elevation of privilege vulnerability exists in Windows 10, Windows 8.1, Windows RT 8.1,...
Moderate
Unreviewed
CVE-2017-0211
was published
May 13, 2022
The PSFTPd 10.0.4 Build 729 server does not prevent FTP bounce scans by default. These can be...
Moderate
Unreviewed
CVE-2017-15269
was published
May 13, 2022
Manually dragging and dropping an Outlook email message into the browser will trigger a page...
Moderate
Unreviewed
CVE-2018-12381
was published
May 13, 2022
Information Disclosure is possible on WAGO Series PFC100 and PFC200 devices before FW12 due to...
Moderate
Unreviewed
CVE-2019-18202
was published
May 24, 2022
In AccountManager, there is a possible bypass of a permissions check due to a confused deputy....
Moderate
Unreviewed
CVE-2020-0338
was published
May 24, 2022
In MediaProvider, there is a possible bypass of a permissions check due to a confused deputy....
Moderate
Unreviewed
CVE-2020-0337
was published
May 24, 2022
A frame-injection issue in the online help in Redwood Report2Web 4.3.4.5 allows remote attackers...
Moderate
Unreviewed
CVE-2021-26711
was published
May 24, 2022
A malicious website that causes an HTTP Authentication dialog to be spawned could trick the built...
Moderate
Unreviewed
CVE-2021-29965
was published
May 24, 2022
In scheduleTimeoutLocked of NotificationRecord.java, there is a possible disclosure of a...
Moderate
Unreviewed
CVE-2021-0599
was published
May 24, 2022
A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to...
Moderate
Unreviewed
CVE-2020-23171
was published
May 24, 2022
An arbitrary file deletion vulnerability exists within Maccms10.
Moderate
Unreviewed
CVE-2020-21363
was published
May 24, 2022
Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote...
Moderate
Unreviewed
CVE-2022-30245
was published
Jul 16, 2022
A vulnerability, which was classified as problematic, was found in FileZilla Server up to 0.9.50....
Moderate
Unreviewed
CVE-2015-10003
was published
Jul 18, 2022
An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6...
Moderate
Unreviewed
CVE-2022-28710
was published
Aug 23, 2022
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of...
Moderate
Unreviewed
CVE-2022-32761
was published
Aug 23, 2022
The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be...
Moderate
Unreviewed
CVE-2022-2638
was published
Aug 29, 2022
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary...
Moderate
Unreviewed
CVE-2022-2943
was published
Sep 7, 2022
ILIAS before 7.16 allows External Control of File Name or Path.
Moderate
Unreviewed
CVE-2022-45918
was published
Dec 7, 2022
In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a...
Moderate
Unreviewed
CVE-2022-20199
was published
Dec 20, 2022
When receiving an HTML email that contained an <code>iframe</code> element, which used a <code...
Moderate
Unreviewed
CVE-2022-3032
was published
Dec 22, 2022
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an...
Moderate
Unreviewed
CVE-2023-0003
was published
Feb 8, 2023
ProTip!
Advisories are also available from the
GraphQL API