Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,872
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,951
npm
3,481
NuGet
605
pip
3,047
Pub
10
RubyGems
832
Rust
777
Swift
34
Unreviewed advisories
All unreviewed
5,000+

88 advisories

A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link... High Unreviewed
CVE-2023-49133 was published Apr 9, 2024
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link... High Unreviewed
CVE-2023-49134 was published Apr 9, 2024
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF High
CVE-2024-28184 was published for weasyprint (pip) Mar 8, 2024
nullie
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php High
CVE-2024-24821 was published for composer/composer (Composer) Feb 8, 2024
edonsec
Breaking unlinkability in Identity Mixer using malicious keys Low
CVE-2022-31021 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0... High Unreviewed
CVE-2023-6971 was published Dec 23, 2023
A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6... High Unreviewed
CVE-2023-4591 was published Nov 3, 2023
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation... Critical Unreviewed
CVE-2023-45798 was published Oct 30, 2023
A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows... High Unreviewed
CVE-2023-33559 was published Oct 26, 2023
Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and... High Unreviewed
CVE-2023-5523 was published Oct 20, 2023
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to,... Critical Unreviewed
CVE-2023-4488 was published Oct 20, 2023
Apache HDFS Provider error message suggested High
CVE-2023-41267 was published for apache-airflow-providers-apache-hdfs (pip) Sep 14, 2023
oscerd
There is insufficient sanitization of tainted file names that are directly concatenated with a... High Unreviewed
CVE-2023-2453 was published Sep 5, 2023
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer... Moderate Unreviewed
CVE-2023-31170 was published Aug 31, 2023
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer... Moderate Unreviewed
CVE-2023-31168 was published Aug 31, 2023
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration... High Unreviewed
CVE-2023-36609 was published Jul 3, 2023
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request... High Unreviewed
CVE-2023-2249 was published Jun 9, 2023
PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1. High Unreviewed
CVE-2023-2551 was published May 5, 2023
Broad access controls could allow site users to directly interact with the system Apache... High Unreviewed
CVE-2022-46302 was published Apr 20, 2023
XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows... High Unreviewed
CVE-2022-30037 was published Mar 23, 2023
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability Low
CVE-2022-4134 was published for glance (pip) Mar 7, 2023
Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential... High Unreviewed
CVE-2022-41216 was published Feb 22, 2023
Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1... Moderate Unreviewed
CVE-2023-21440 was published Feb 9, 2023
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated... Critical Unreviewed
CVE-2022-24119 was published Dec 26, 2022
A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos... High Unreviewed
CVE-2022-22246 was published Oct 18, 2022
ProTip! Advisories are also available from the GraphQL API