Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
3,967
Erlang
29
GitHub Actions
16
Go
1,749
Maven
4,978
npm
3,509
NuGet
609
pip
3,076
Pub
10
RubyGems
832
Rust
781
Swift
34
Unreviewed advisories
All unreviewed
5,000+

20 advisories

Loading
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Moderate Unreviewed
CVE-2024-35650 was published Jun 10, 2024
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer... Moderate Unreviewed
CVE-2023-31168 was published Aug 31, 2023
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer... Moderate Unreviewed
CVE-2023-31170 was published Aug 31, 2023
Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1... Moderate Unreviewed
CVE-2023-21440 was published Feb 9, 2023
The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user... Moderate Unreviewed
CVE-2022-37191 was published Sep 14, 2022
Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier,... Moderate Unreviewed
CVE-2021-20843 was published May 24, 2022
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5... Moderate Unreviewed
CVE-2021-29777 was published May 24, 2022
An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience... Moderate Unreviewed
CVE-2021-31927 was published May 24, 2022
If an image had not loaded correctly (such as when it is not actually an image), it could be... Moderate Unreviewed
CVE-2019-17014 was published May 24, 2022
A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace... Moderate Unreviewed
CVE-2019-16951 was published May 24, 2022
A same-origin policy violation occurs allowing the theft of cross-origin images through a... Moderate Unreviewed
CVE-2019-11742 was published May 24, 2022
IBM Content Navigator 3.0CD is vulnerable to local file inclusion, allowing an attacker to access... Moderate Unreviewed
CVE-2019-4263 was published May 24, 2022
An information disclosure vulnerability exists when affected Microsoft browsers improperly allow... Moderate Unreviewed
CVE-2018-8351 was published May 13, 2022
In Progress Ipswitch WhatsUp Gold 21.1.0 through 21.1.1, and 22.0.0, it is possible for an... Moderate Unreviewed
CVE-2022-29845 was published May 12, 2022
A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote,... Moderate Unreviewed
CVE-2021-29113 was published Dec 8, 2021
Inclusion of Functionality from Untrusted Control Sphere in CKEditor 4 Moderate
CVE-2021-26272 was published for ckeditor4 (npm) Oct 13, 2021
Command Injection in @theia/messages Moderate
CVE-2021-28162 was published for @theia/messages (npm) May 10, 2021
Local File read vulnerability in OctoberCMS Moderate
CVE-2020-5295 was published for october/cms (Composer) Jun 3, 2020
staz0t
Insecure Default Configuration in tesseract.js Moderate
GHSA-83rx-c8cr-6j8q was published for tesseract.js (npm) Jun 5, 2019
Moderate severity vulnerability that affects org.springframework:spring-core Moderate
CVE-2018-11040 was published for org.springframework:spring-core (Maven) Oct 16, 2018
sunSUNQ SunBK201
ProTip! Advisories are also available from the GraphQL API