GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,218
Erlang
31
GitHub Actions
19
Go
1,988
Maven
5,000+
npm
3,704
NuGet
661
pip
3,332
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
16 advisories
Filter by severity
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access...
Moderate
Unreviewed
CVE-2024-5693
was published
Jun 11, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Moderate
Unreviewed
CVE-2024-35650
was published
Jun 10, 2024
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer...
Moderate
Unreviewed
CVE-2023-31168
was published
Aug 31, 2023
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer...
Moderate
Unreviewed
CVE-2023-31170
was published
Aug 31, 2023
A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace...
Moderate
Unreviewed
CVE-2019-16951
was published
May 24, 2022
A same-origin policy violation occurs allowing the theft of cross-origin images through a...
Moderate
Unreviewed
CVE-2019-11742
was published
May 24, 2022
Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1...
Moderate
Unreviewed
CVE-2023-21440
was published
Feb 9, 2023
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access...
Moderate
Unreviewed
CVE-2019-4263
was published
May 24, 2022
An information disclosure vulnerability exists when affected Microsoft browsers improperly allow...
Moderate
Unreviewed
CVE-2018-8351
was published
May 13, 2022
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an...
Moderate
Unreviewed
CVE-2022-29845
was published
May 12, 2022
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier,...
Moderate
Unreviewed
CVE-2021-20843
was published
May 24, 2022
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5...
Moderate
Unreviewed
CVE-2021-29777
was published
May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience...
Moderate
Unreviewed
CVE-2021-31927
was published
May 24, 2022
If an image had not loaded correctly (such as when it is not actually an image), it could be...
Moderate
Unreviewed
CVE-2019-17014
was published
May 24, 2022
The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user...
Moderate
Unreviewed
CVE-2022-37191
was published
Sep 14, 2022
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote,...
Moderate
Unreviewed
CVE-2021-29113
was published
Dec 8, 2021
ProTip!
Advisories are also available from the
GraphQL API