GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 22,713
Composer 4,743
Erlang 35
GitHub Actions 29
Go 2,315
Maven 5,600
npm 3,949
NuGet 711
pip 3,729
Pub 12
RubyGems 920
Rust 965
Swift 38

Unreviewed advisories

All unreviewed 257,467

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

96 advisories

Filter by severity

Uh oh!

There was an error while loading. Please reload this page.

Sort by

Newest

Oldest

Recently updated

Least recently updated

Offscreen Canvas did not properly track cross-origin tainting, which could be used to access... Moderate Unreviewed

CVE-2024-5693 was published Jun 11, 2024

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Moderate Unreviewed

CVE-2024-35650 was published Jun 10, 2024

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed

CVE-2024-35629 was published Jun 4, 2024

A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link... High Unreviewed

CVE-2023-49133 was published Apr 9, 2024

A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link... High Unreviewed

CVE-2023-49134 was published Apr 9, 2024

The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0... High Unreviewed

CVE-2023-6971 was published Dec 23, 2023

A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6... High Unreviewed

CVE-2023-4591 was published Nov 3, 2023

In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation... Critical Unreviewed

CVE-2023-45798 was published Oct 30, 2023

A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows... High Unreviewed

CVE-2023-33559 was published Oct 26, 2023

Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and... High Unreviewed

CVE-2023-5523 was published Oct 20, 2023

The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to,... Critical Unreviewed

CVE-2023-4488 was published Oct 20, 2023

There is insufficient sanitization of tainted file names that are directly concatenated with a... High Unreviewed

CVE-2023-2453 was published Sep 5, 2023

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer... Moderate Unreviewed

CVE-2023-31168 was published Aug 31, 2023

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer... Moderate Unreviewed

CVE-2023-31170 was published Aug 31, 2023

The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration... High Unreviewed

CVE-2023-36609 was published Jul 3, 2023

The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request... High Unreviewed

CVE-2023-2249 was published Jun 9, 2023

PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1. High Unreviewed

CVE-2023-2551 was published May 5, 2023

Broad access controls could allow site users to directly interact with the system Apache... High Unreviewed

CVE-2022-46302 was published Apr 20, 2023

XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows... High Unreviewed

CVE-2022-30037 was published Mar 23, 2023

Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential... High Unreviewed

CVE-2022-41216 was published Feb 22, 2023

Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1... Moderate Unreviewed

CVE-2023-21440 was published Feb 9, 2023

Certain General Electric Renewable Energy products have a hidden feature for unauthenticated... Critical Unreviewed

CVE-2022-24119 was published Dec 26, 2022

An iframe that was not permitted to run scripts could do so if the user clicked on a <code... High Unreviewed

CVE-2022-34468 was published Dec 22, 2022

A PHP Local File Inclusion (LFI) vulnerability in the J-Web component of Juniper Networks Junos... High Unreviewed

CVE-2022-22246 was published Oct 18, 2022

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user... Moderate Unreviewed

CVE-2022-37191 was published Sep 14, 2022

Previous 1 2 3 4 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

96 advisories