Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,373
Erlang
33
GitHub Actions
22
Go
2,135
Maven
5,000+
npm
3,797
NuGet
687
pip
3,478
Pub
12
RubyGems
896
Rust
897
Swift
38
Unreviewed advisories
All unreviewed
5,000+

149 advisories

Loading
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image... Moderate Unreviewed
CVE-2023-49863 was published Jan 10, 2024
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image... Moderate Unreviewed
CVE-2023-49864 was published Jan 10, 2024
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and... High Unreviewed
CVE-2022-2633 was published Sep 7, 2022
In visitUris of Notification.java, there is a possible way to display images from another user... Moderate Unreviewed
CVE-2023-35668 was published Dec 5, 2023
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been... Moderate Unreviewed
CVE-2023-6618 was published Dec 8, 2023
External Control of File Name or Path in h2oai/h2o-3 Critical
CVE-2023-6569 was published for h2o (pip) Dec 14, 2023
This external control vulnerability, if exploited, could allow a local OS-authenticated user... Moderate Unreviewed
CVE-2023-34982 was published Nov 15, 2023
Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple... High Unreviewed
CVE-2023-5247 was published Nov 30, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit... High Unreviewed
CVE-2023-35985 was published Nov 27, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit... High Unreviewed
CVE-2023-40194 was published Nov 27, 2023
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356.... High Unreviewed
CVE-2023-39542 was published Nov 27, 2023
In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused... Moderate Unreviewed
CVE-2023-40139 was published Oct 27, 2023
A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0... Moderate Unreviewed
CVE-2023-2152 was published Apr 18, 2023
in-toto vulnerable to Configuration Read From Local Directory Moderate
CVE-2023-32076 was published for in-toto (pip) May 11, 2023
Local privilege escalation due to improper soft link handling. The following products are... Moderate Unreviewed
CVE-2023-44209 was published Oct 4, 2023
Local privilege escalation during recovery due to improper soft link handling. The following... Moderate Unreviewed
CVE-2022-46868 was published Aug 31, 2023
Sandbox Breakout in safe-eval Critical
CVE-2017-16088 was published for safe-eval (npm) Jul 18, 2018
ingress-nginx component for Kubernetes allows file overwrite Moderate
CVE-2020-8553 was published for k8s.io/ingress-nginx (Go) May 24, 2022
Hisuite module has a External Control of System or Configuration Setting vulnerability.Successful... Moderate Unreviewed
CVE-2021-37112 was published Jan 4, 2022
Password vault has a External Control of System or Configuration Setting vulnerability.Successful... High Unreviewed
CVE-2021-39971 was published Jan 4, 2022
A unintended proxy or intermediary ('confused deputy') in Fortinet FortiWeb version 6.4.1 and... Moderate Unreviewed
CVE-2021-36190 was published Dec 9, 2021
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary... Moderate Unreviewed
CVE-2022-2943 was published Sep 7, 2022
Shopware XXE Vulnerability Moderate
CVE-2017-18357 was published for shopware/shopware (Composer) May 14, 2022
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar... Moderate Unreviewed
CVE-2022-0377 was published Mar 1, 2022
An unauthenticated remote attacker can use SMA 100 as an unintended proxy or intermediary... Critical Unreviewed
CVE-2021-20042 was published Dec 9, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database