Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,029
Erlang
29
GitHub Actions
16
Go
1,833
Maven
5,000+
npm
3,573
NuGet
632
pip
3,160
Pub
10
RubyGems
847
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

56 advisories

Loading
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to... Moderate Unreviewed
CVE-2021-24966 was published Mar 15, 2022
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form... Moderate Unreviewed
CVE-2022-0593 was published Mar 15, 2022
Arbitrary File Deletion vulnerability in OctoberCMS Moderate
CVE-2020-5296 was published for october/cms (Composer) Jun 3, 2020
staz0t
The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported... Moderate Unreviewed
CVE-2022-0246 was published Apr 12, 2022
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of... Moderate Unreviewed
CVE-2022-34765 was published Jul 14, 2022
An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6... Moderate Unreviewed
CVE-2022-28710 was published Aug 23, 2022
The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be... Moderate Unreviewed
CVE-2022-2638 was published Aug 29, 2022
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of... Moderate Unreviewed
CVE-2022-32761 was published Aug 23, 2022
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights Moderate
CVE-2021-21343 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible Moderate
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in... Moderate Unreviewed
CVE-2021-4332 was published Mar 7, 2023
Juju controller - Arbitrary file reading vulnerability Moderate
CVE-2023-0092 was published for github.com/juju/juju (Go) Mar 1, 2023
yhy0
This vulnerability allows network-adjacent attackers to disclose sensitive information on... Moderate Unreviewed
CVE-2021-27250 was published May 24, 2022
Dompdf before v2.0.0 vulnerable to chroot check bypass Moderate
CVE-2022-2400 was published for dompdf/dompdf (Composer) Jul 19, 2022
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar... Moderate Unreviewed
CVE-2022-0377 was published Mar 1, 2022
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary... Moderate Unreviewed
CVE-2022-2943 was published Sep 7, 2022
ingress-nginx component for Kubernetes allows file overwrite Moderate
CVE-2020-8553 was published for k8s.io/ingress-nginx (Go) May 24, 2022
Cortex's Alertmanager can expose local files content via specially crafted config Moderate
CVE-2022-23536 was published for github.com/cortexproject/cortex (Go) Dec 19, 2022
aus
A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0... Moderate Unreviewed
CVE-2023-2152 was published Apr 18, 2023
A vulnerability, which was classified as critical, has been found in SourceCodester Resort... Moderate Unreviewed
CVE-2023-4191 was published Aug 7, 2023
This external control vulnerability, if exploited, could allow a local OS-authenticated user... Moderate Unreviewed
CVE-2023-34982 was published Nov 15, 2023
A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been... Moderate Unreviewed
CVE-2023-6618 was published Dec 8, 2023
A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as... Moderate Unreviewed
CVE-2024-0265 was published Jan 7, 2024
An information disclosure vulnerability exists in the aVideoEncoder.json.php chunkFile path... Moderate Unreviewed
CVE-2023-47171 was published Jan 10, 2024
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage.json.php image... Moderate Unreviewed
CVE-2023-49864 was published Jan 10, 2024
ProTip! Advisories are also available from the GraphQL API