Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,714
Erlang
34
GitHub Actions
28
Go
2,300
Maven
5,000+
npm
3,942
NuGet
708
pip
3,711
Pub
12
RubyGems
920
Rust
960
Swift
38
Unreviewed advisories
All unreviewed
5,000+

122 advisories

Loading
XunRuiCMS v4.3.3 to v4.5.1 vulnerable to PHP file write and CMS PHP file inclusion, allows... High Unreviewed
CVE-2022-30037 was published Mar 23, 2023
Local File Inclusion vulnerability within Cloudflow allows attackers to retrieve confidential... High Unreviewed
CVE-2022-41216 was published Feb 22, 2023
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1... Low Unreviewed
CVE-2022-33701 was published Jul 13, 2022
Embedded malware in ua-parser-js High
GHSA-pjwm-rvh2-c87w was published for ua-parser-js (npm) Oct 22, 2021
xtqqczze
paranoid2 gem Code backdoor Critical
CVE-2019-13589 was published for paranoid2 (RubyGems) Jul 16, 2019
Unintended Require in larvitbase-api High
CVE-2019-5479 was published for larvitbase-api (npm) Sep 11, 2019
PHP Remote File Inclusion in GitHub repository unilogies/bumsys prior to 2.1.1. High Unreviewed
CVE-2023-2551 was published May 5, 2023
In Yettiesoft VestCert versions 2.36 to 2.5.29, a vulnerability exists due to improper validation... Critical Unreviewed
CVE-2023-45798 was published Oct 30, 2023
A local file inclusion vulnerability has been found in WPN-XM Serverstack affecting version 0.8.6... High Unreviewed
CVE-2023-4591 was published Nov 3, 2023
The Backup Migration plugin for WordPress is vulnerable to Remote File Inclusion in versions 1.0... High Unreviewed
CVE-2023-6971 was published Dec 23, 2023
Breaking unlinkability in Identity Mixer using malicious keys Low
CVE-2022-31021 was published for anoncreds-clsignatures (Rust) Jan 16, 2024
PHPMailer untrusted code may be run from an overridden address validator High
CVE-2021-3603 was published for phpmailer/phpmailer (Composer) Jun 22, 2021
0xcrypto
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2)... High Unreviewed
CVE-2004-0285 was published Apr 29, 2022
Composer code execution and possible privilege escalation via compromised InstalledVersions.php or installed.php High
CVE-2024-24821 was published for composer/composer (Composer) Feb 8, 2024
edonsec
Magento remote code execution vulnerability High
CVE-2019-8154 was published for magento/community-edition (Composer) May 24, 2022
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and ... High Unreviewed
CVE-2004-0030 was published Apr 29, 2022
ruby193 uses an insecure LD_LIBRARY_PATH setting. Low Unreviewed
CVE-2013-1945 was published May 5, 2022
A same-origin policy violation occurs allowing the theft of cross-origin images through a... Moderate Unreviewed
CVE-2019-11742 was published May 24, 2022
A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace... Moderate Unreviewed
CVE-2019-16951 was published May 24, 2022
A vulnerability was found in ua-parser-js 0.7.29/0.8.0/1.0.0. It has been rated as critical. This... High Unreviewed
CVE-2021-4229 was published May 25, 2022
Broad access controls could allow site users to directly interact with the system Apache... High Unreviewed
CVE-2022-46302 was published Apr 20, 2023
The wpForo Forum plugin for WordPress is vulnerable to Local File Include, Server-Side Request... High Unreviewed
CVE-2023-2249 was published Jun 9, 2023
The affected TBox RTUs run OpenVPN with root privileges and can run user defined configuration... High Unreviewed
CVE-2023-36609 was published Jul 3, 2023
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer... Moderate Unreviewed
CVE-2023-31170 was published Aug 31, 2023
An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer... Moderate Unreviewed
CVE-2023-31168 was published Aug 31, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database