Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
39
GitHub Actions
38
Go
2,680
Maven
5,000+
npm
4,300
NuGet
760
pip
4,078
Pub
12
RubyGems
958
Rust
1,061
Swift
45
Unreviewed advisories
All unreviewed
5,000+

369 advisories

Loading
The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input... Moderate Unreviewed
CVE-2022-4108 was published Dec 19, 2022
The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation... High Unreviewed
CVE-2022-4106 was published Dec 19, 2022
The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https:... High Unreviewed
CVE-2022-45227 was published Dec 12, 2022
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030... High Unreviewed
CVE-2022-44356 was published Nov 29, 2022
The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive... High Unreviewed
CVE-2022-3691 was published Nov 21, 2022
Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. High Unreviewed
CVE-2022-44583 was published Nov 19, 2022
Payara, when deployed to the root context, allows attackers to visit META-INF and WEB-INF High
CVE-2022-45129 was published for fish.payara.distributions:payara (Maven) Nov 10, 2022
tstoney-exiger
Credited to tstoney-exiger
OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via... Moderate Unreviewed
CVE-2022-43449 was published Nov 4, 2022
Markdownify has Files or Directories Accessible to External Parties Moderate
CVE-2022-41710 was published for electron-markdownify (npm) Nov 4, 2022
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an... Moderate Unreviewed
CVE-2022-23738 was published Nov 1, 2022
Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows... Moderate Unreviewed
CVE-2022-37424 was published Oct 28, 2022
Jenkins NUnit Plugin vulnerable to Protection Mechanism Failure Moderate
CVE-2022-43414 was published for org.jenkins-ci.plugins:nunit (Maven) Oct 19, 2022
The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly... Moderate Unreviewed
CVE-2022-2834 was published Oct 17, 2022
There is a file inclusion vulnerability in the template management module in UCMS 1.6 High Unreviewed
CVE-2022-42234 was published Oct 14, 2022
The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded... Moderate Unreviewed
CVE-2022-2981 was published Oct 11, 2022
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows... High Unreviewed
CVE-2022-40126 was published Sep 30, 2022
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated... Moderate Unreviewed
CVE-2022-3287 was published Sep 29, 2022
Dompdf allows remote file inclusion because URI validation failure does not halt font registration High
CVE-2022-41343 was published for dompdf/dompdf (Composer) Sep 26, 2022
Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi... High Unreviewed
CVE-2022-36552 was published Aug 31, 2022
A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how... High Unreviewed
CVE-2022-1117 was published Aug 29, 2022
Keycloak has Files or Directories Accessible to External Parties Moderate
CVE-2021-3856 was published for org.keycloak:keycloak-core (Maven) Aug 27, 2022
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation... High Unreviewed
CVE-2021-4112 was published Aug 26, 2022
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak... High Unreviewed
CVE-2021-3800 was published Aug 24, 2022
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file... Moderate Unreviewed
CVE-2022-2392 was published Aug 23, 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain... Moderate Unreviewed
CVE-2022-22490 was published Aug 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database