GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
34 advisories
Filter by severity
The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all...
High
Unreviewed
CVE-2024-4887
was published
Jun 7, 2024
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This...
High
Unreviewed
CVE-2023-42125
was published
May 3, 2024
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of...
Critical
Unreviewed
CVE-2022-30257
was published
Nov 22, 2022
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of...
Critical
Unreviewed
CVE-2022-30258
was published
Nov 22, 2022
Allows a remote user to read files on the camera's OS "GetFileContent.cgi". Reading arbitrary...
Moderate
Unreviewed
CVE-2022-30621
was published
Jul 19, 2022
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when...
High
Unreviewed
CVE-2022-27778
was published
Jun 3, 2022
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR)...
Moderate
Unreviewed
CVE-2021-37215
was published
May 24, 2022
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability....
Moderate
Unreviewed
CVE-2021-37213
was published
May 24, 2022
The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability....
Moderate
Unreviewed
CVE-2021-37212
was published
May 24, 2022
The employee management page of Flygo contains Insecure Direct Object Reference (IDOR)...
High
Unreviewed
CVE-2021-37214
was published
May 24, 2022
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse,...
High
Unreviewed
CVE-2021-22924
was published
May 24, 2022
CSZ CMS 1.2.9 is vulnerable to Arbitrary File Deletion. This occurs in PHP when the unlink()...
Critical
Unreviewed
CVE-2021-37144
was published
May 24, 2022
Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object...
Moderate
Unreviewed
CVE-2021-35337
was published
May 24, 2022
Firely/Incendi Spark before 1.5.5-r4 lacks Content-Disposition headers in certain situations,...
Moderate
Unreviewed
CVE-2021-32054
was published
May 24, 2022
The IBM Cloud APM 8.1.4 server will issue a DNS request to resolve any hostname specified in the...
Moderate
Unreviewed
CVE-2020-4719
was published
May 24, 2022
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An...
Moderate
Unreviewed
CVE-2020-35566
was published
May 24, 2022
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10...
High
Unreviewed
CVE-2020-15505
was published
May 24, 2022
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles...
High
Unreviewed
CVE-2020-12278
was published
May 24, 2022
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles...
High
Unreviewed
CVE-2020-12279
was published
May 24, 2022
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't...
Critical
Unreviewed
CVE-2020-10574
was published
May 24, 2022
The Java API in Generalitat de Catalunya accesuniversitat.gencat.cat 1.7.5 allows remote...
Moderate
Unreviewed
CVE-2019-12837
was published
May 24, 2022
A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This...
High
Unreviewed
CVE-2019-17575
was published
May 24, 2022
A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a...
Moderate
Unreviewed
CVE-2019-0220
was published
May 24, 2022
Authenticated (admin or higher user role) Local File Inclusion (LFI) vulnerability in Wow-Company...
Moderate
Unreviewed
CVE-2022-29448
was published
May 21, 2022
Authenticated (administrator or higher role) Local File Inclusion (LFI) vulnerability in Wow...
High
Unreviewed
CVE-2022-29445
was published
May 19, 2022
ProTip!
Advisories are also available from the
GraphQL API