GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,872
Erlang
29
GitHub Actions
16
Go
1,722
Maven
4,951
npm
3,481
NuGet
605
pip
3,047
Pub
10
RubyGems
832
Rust
777
Swift
34
Unreviewed advisories
All unreviewed
5,000+
88 advisories
Filter by severity
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link...
High
Unreviewed
CVE-2023-49133
was published
Apr 9, 2024
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link...
High
Unreviewed
CVE-2023-49134
was published
Apr 9, 2024
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF
High
CVE-2024-28184
was published
for
weasyprint
(pip)
Mar 8, 2024
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php
High
CVE-2024-24821
was published
for
composer/composer
(Composer)
Feb 8, 2024
Breaking unlinkability in Identity Mixer using malicious keys
Low
CVE-2022-31021
was published
for
anoncreds-clsignatures
(Rust)
Jan 16, 2024
The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0...
High
Unreviewed
CVE-2023-6971
was published
Dec 23, 2023
A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6...
High
Unreviewed
CVE-2023-4591
was published
Nov 3, 2023
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation...
Critical
Unreviewed
CVE-2023-45798
was published
Oct 30, 2023
A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows...
High
Unreviewed
CVE-2023-33559
was published
Oct 26, 2023
Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and...
High
Unreviewed
CVE-2023-5523
was published
Oct 20, 2023
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to,...
Critical
Unreviewed
CVE-2023-4488
was published
Oct 20, 2023
Apache HDFS Provider error message suggested
High
CVE-2023-41267
was published
for
apache-airflow-providers-apache-hdfs
(pip)
Sep 14, 2023
There is insufficient sanitization of tainted file names that are directly concatenated with a...
High
Unreviewed
CVE-2023-2453
was published
Sep 5, 2023
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer...
Moderate
Unreviewed
CVE-2023-31170
was published
Aug 31, 2023
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer...
Moderate
Unreviewed
CVE-2023-31168
was published
Aug 31, 2023
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration...
High
Unreviewed
CVE-2023-36609
was published
Jul 3, 2023
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request...
High
Unreviewed
CVE-2023-2249
was published
Jun 9, 2023
PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1.
High
Unreviewed
CVE-2023-2551
was published
May 5, 2023
Broad access controls could allow site users to directly interact with the system Apache...
High
Unreviewed
CVE-2022-46302
was published
Apr 20, 2023
XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows...
High
Unreviewed
CVE-2022-30037
was published
Mar 23, 2023
OpenStack Glance Inclusion of Functionality from Untrusted Control Sphere vulnerability
Low
CVE-2022-4134
was published
for
glance
(pip)
Mar 7, 2023
Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential...
High
Unreviewed
CVE-2022-41216
was published
Feb 22, 2023
Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1...
Moderate
Unreviewed
CVE-2023-21440
was published
Feb 9, 2023
Certain General Electric Renewable Energy products have a hidden feature for unauthenticated...
Critical
Unreviewed
CVE-2022-24119
was published
Dec 26, 2022
A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos...
High
Unreviewed
CVE-2022-22246
was published
Oct 18, 2022
ProTip!
Advisories are also available from the
GraphQL API