Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,715
Erlang
34
GitHub Actions
28
Go
2,302
Maven
5,000+
npm
3,946
NuGet
711
pip
3,716
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

122 advisories

Loading
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js Low
CVE-2024-38537 was published for ethyca-fides (pip) Jul 2, 2024
Vulnerability in core of Apache HTTP Server 2.4.59 and earlier are vulnerably to information... Critical Unreviewed
CVE-2024-38476 was published Jul 1, 2024
An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee... High Unreviewed
CVE-2024-3043 was published Jun 27, 2024
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access... Moderate Unreviewed
CVE-2024-5693 was published Jun 11, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Moderate Unreviewed
CVE-2024-35650 was published Jun 10, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed
CVE-2024-35629 was published Jun 4, 2024
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link... High Unreviewed
CVE-2023-49133 was published Apr 9, 2024
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link... High Unreviewed
CVE-2023-49134 was published Apr 9, 2024
WeasyPrint allows the attachment of arbitrary files and URLs to a PDF High
CVE-2024-28184 was published for weasyprint (pip) Mar 8, 2024
nullie
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php High
CVE-2024-24821 was published for composer/composer (Composer) Feb 8, 2024
edonsec
Breaking unlinkability in Identity Mixer using malicious keys Low
CVE-2022-31021 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0... High Unreviewed
CVE-2023-6971 was published Dec 23, 2023
A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6... High Unreviewed
CVE-2023-4591 was published Nov 3, 2023
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation... Critical Unreviewed
CVE-2023-45798 was published Oct 30, 2023
A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows... High Unreviewed
CVE-2023-33559 was published Oct 26, 2023
Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and... High Unreviewed
CVE-2023-5523 was published Oct 20, 2023
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to,... Critical Unreviewed
CVE-2023-4488 was published Oct 20, 2023
Apache HDFS Provider error message suggested High
CVE-2023-41267 was published for apache-airflow-providers-apache-hdfs (pip) Sep 14, 2023
oscerd
There is insufficient sanitization of tainted file names that are directly concatenated with a... High Unreviewed
CVE-2023-2453 was published Sep 5, 2023
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer... Moderate Unreviewed
CVE-2023-31170 was published Aug 31, 2023
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer... Moderate Unreviewed
CVE-2023-31168 was published Aug 31, 2023
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration... High Unreviewed
CVE-2023-36609 was published Jul 3, 2023
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request... High Unreviewed
CVE-2023-2249 was published Jun 9, 2023
PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1. High Unreviewed
CVE-2023-2551 was published May 5, 2023
Broad access controls could allow site users to directly interact with the system Apache... High Unreviewed
CVE-2022-46302 was published Apr 20, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database