GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 24,759
Composer 5,034
Erlang 39
GitHub Actions 38
Go 2,680
Maven 6,120
npm 4,300
NuGet 760
pip 4,078
Pub 12
RubyGems 958
Rust 1,061
Swift 45

Unreviewed advisories

All unreviewed 278,163

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

369 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

The function AdminGetFirstFileContentByFilePath in MIK.starlight 7.9.5.24363 allows (by design)... Moderate Unreviewed

CVE-2021-36233 was published May 24, 2022

An information disclosure vulnerability in rConfig 3.9.5 has been fixed for version 3.9.6. This... Moderate Unreviewed

CVE-2020-25351 was published May 24, 2022

A vulnerability in the \inc\config.php component of joyplus-cms v1.6 allows attackers to access... High Unreviewed

CVE-2020-22124 was published May 24, 2022

In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files. High Unreviewed

CVE-2021-38711 was published May 24, 2022

Nagios XI before version 5.8.5 is vulnerable to local file inclusion through improper limitation... High Unreviewed

CVE-2021-37348 was published May 24, 2022

Dell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control... High Unreviewed

CVE-2021-36276 was published May 24, 2022

If Thunderbird was configured to use STARTTLS for an IMAP connection, and an attacker injected... Moderate Unreviewed

CVE-2021-29969 was published May 24, 2022

In CODESYS V3 web server before 3.5.17.10, files or directories are accessible to External Parties. High Unreviewed

CVE-2021-36763 was published May 24, 2022

A vulnerability exists in gowitness < 2.3.6 that allows an unauthenticated attacker to perform an... High Unreviewed

CVE-2021-33359 was published May 24, 2022

Incorrect access to deleted scripts vulnerability in McAfee Database Security (DBSec) prior to 4... High Unreviewed

CVE-2021-31831 was published May 24, 2022

It has been discovered that redhat-certification does not restrict file access in the /update... Critical Unreviewed

CVE-2018-10867 was published May 24, 2022

It has been discovered that redhat-certification is not properly configured and it lists all... High Unreviewed

CVE-2018-10863 was published May 24, 2022

In InvoicePlane 1.5.11 a misconfigured web server allows unauthenticated directory listing and... High Unreviewed

CVE-2021-29024 was published May 24, 2022

A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker... Moderate Unreviewed

CVE-2021-1512 was published May 24, 2022

A vulnerability in the CLI of Cisco Firepower Threat Defense (FTD) Software could allow an... Moderate Unreviewed

CVE-2021-1256 was published May 24, 2022

The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before... Moderate Unreviewed

CVE-2021-24154 was published May 24, 2022

A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local... Moderate Unreviewed

CVE-2021-1434 was published May 24, 2022

It has been discovered in redhat-certification that any unauthorized user may download any file... Moderate Unreviewed

CVE-2019-3897 was published May 24, 2022

A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape... High Unreviewed

CVE-2021-20253 was published May 24, 2022

A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000... Critical Unreviewed

CVE-2021-1361 was published May 24, 2022

Directory Indexing in Login Portal of Login Portal of TOTOLINK-A702R-V1.0.0-B20161227.1023 allows... Moderate Unreviewed

CVE-2020-27368 was published May 24, 2022

An issue was discovered in Aviatrix Controller before R5.4.1290. The htaccess protection... High Unreviewed

CVE-2020-26549 was published May 24, 2022

Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior... Moderate Unreviewed

CVE-2020-1908 was published May 24, 2022

Dell EMC NetWorker versions prior to 19.3.0.2 contain an incorrect privilege assignment... Moderate Unreviewed

CVE-2020-26182 was published May 24, 2022

Dell EMC NetWorker versions prior to 19.3.0.2 contain an improper authorization vulnerability.... Moderate Unreviewed

CVE-2020-26183 was published May 24, 2022

Previous 1…11…15 Next

Previous 1 2 … 9 10 11 12 13 14 15 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

369 advisories