Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,335
Erlang
31
GitHub Actions
22
Go
2,096
Maven
5,000+
npm
3,762
NuGet
678
pip
3,448
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

237 advisories

Loading
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient... Moderate Unreviewed
CVE-2022-45052 was published Jan 4, 2023
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it... Moderate Unreviewed
CVE-2022-4236 was published Jan 3, 2023
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it... High Unreviewed
CVE-2022-4140 was published Jan 3, 2023
Some Dahua software products have a vulnerability of unrestricted download of file. After... Moderate Unreviewed
CVE-2022-45426 was published Dec 27, 2022
The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation... High Unreviewed
CVE-2022-4106 was published Dec 19, 2022
The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input... Moderate Unreviewed
CVE-2022-4108 was published Dec 19, 2022
The web portal of Dragino Lora LG01 18ed40 IoT v4.3.4 has the directory listing at the URL https:... High Unreviewed
CVE-2022-45227 was published Dec 12, 2022
WAVLINK Quantum D4G (WL-WN531G3) running firmware versions M31G3.V5030.201204 and M31G3.V5030... High Unreviewed
CVE-2022-44356 was published Nov 29, 2022
The DeepL Pro API translation plugin WordPress plugin before 1.7.5 discloses sensitive... High Unreviewed
CVE-2022-3691 was published Nov 21, 2022
Unauth. Arbitrary File Download vulnerability in WatchTowerHQ plugin <= 3.6.15 on WordPress. High Unreviewed
CVE-2022-44583 was published Nov 19, 2022
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF... High Unreviewed
CVE-2022-45129 was published Nov 10, 2022
OpenHarmony-v3.1.2 and prior versions had an Arbitrary file read vulnerability via... Moderate Unreviewed
CVE-2022-43449 was published Nov 4, 2022
An improper cache key vulnerability was identified in GitHub Enterprise Server that allowed an... Moderate Unreviewed
CVE-2022-23738 was published Nov 1, 2022
Files or Directories Accessible to External Parties vulnerability in OpenNebula on Linux allows... Moderate Unreviewed
CVE-2022-37424 was published Oct 28, 2022
The Helpful WordPress plugin before 4.5.26 puts the exported logs and feedbacks in a publicly... Moderate Unreviewed
CVE-2022-2834 was published Oct 17, 2022
There is a file inclusion vulnerability in the template management module in UCMS 1.6 High Unreviewed
CVE-2022-42234 was published Oct 14, 2022
The Download Monitor WordPress plugin before 4.5.98 does not ensure that files to be downloaded... Moderate Unreviewed
CVE-2022-2981 was published Oct 11, 2022
A misconfiguration in the Service Mode profile directory of Clash for Windows v0.19.9 allows... High Unreviewed
CVE-2022-40126 was published Sep 30, 2022
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated... Moderate Unreviewed
CVE-2022-3287 was published Sep 29, 2022
Tenda AC6(AC1200) v5.0 Firmware v02.03.01.114 and below contains an issue in the component /cgi... High Unreviewed
CVE-2022-36552 was published Aug 31, 2022
A vulnerability was found in fapolicyd. The vulnerability occurs due to an assumption on how... High Unreviewed
CVE-2022-1117 was published Aug 29, 2022
A flaw was found in ansible-tower where the default installation is vulnerable to job isolation... High Unreviewed
CVE-2021-4112 was published Aug 26, 2022
A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak... High Unreviewed
CVE-2021-3800 was published Aug 24, 2022
The Lana Downloads Manager WordPress plugin before 1.8.0 is affected by an arbitrary file... Moderate Unreviewed
CVE-2022-2392 was published Aug 23, 2022
IBM Robotic Process Automation 21.0.0, 21.0.1, and 21.0.2 could allow a privileged user to obtain... Moderate Unreviewed
CVE-2022-22490 was published Aug 11, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database