Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,715
Erlang
34
GitHub Actions
28
Go
2,302
Maven
5,000+
npm
3,946
NuGet
711
pip
3,716
Pub
12
RubyGems
920
Rust
964
Swift
38
Unreviewed advisories
All unreviewed
5,000+

122 advisories

Loading
There is insufficient sanitization of tainted file names that are directly concatenated with a... High Unreviewed
CVE-2023-2453 was published Sep 5, 2023
A local file inclusion vulnerability via the lang parameter in OcoMon before v4.0.1 allows... High Unreviewed
CVE-2023-33559 was published Oct 26, 2023
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link... High Unreviewed
CVE-2023-49134 was published Apr 9, 2024
A command execution vulnerability exists in the tddpd enable_test_mode functionality of Tp-Link... High Unreviewed
CVE-2023-49133 was published Apr 9, 2024
The Dropbox Folder Share for WordPress is vulnerable to Local File Inclusion in versions up to,... Critical Unreviewed
CVE-2023-4488 was published Oct 20, 2023
Drupal Remote code execution High
CVE-2017-6381 was published for drupal/core (Composer) May 13, 2022
Moodle Arbitrary PHP code execution by site admins via Shibboleth configuration High
CVE-2021-20187 was published for moodle/moodle (Composer) May 24, 2022
Moderate severity vulnerability that affects org.springframework:spring-core Moderate
CVE-2018-11040 was published for org.springframework:spring-core (Maven) Oct 16, 2018
sunSUNQ SunBK201
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Critical Unreviewed
CVE-2024-35629 was published Jun 4, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... Moderate Unreviewed
CVE-2024-35650 was published Jun 10, 2024
An unauthenticated IEEE 802.15.4 'co-ordinator realignment' packet can be used to force Zigbee... High Unreviewed
CVE-2024-3043 was published Jun 27, 2024
Offscreen Canvas did not properly track cross-origin tainting, which could be used to access... Moderate Unreviewed
CVE-2024-5693 was published Jun 11, 2024
Inclusion of Untrusted polyfill.io Code Vulnerability in fides.js Low
CVE-2024-38537 was published for ethyca-fides (pip) Jul 2, 2024
In Eclipse p2, installable units are able to alter the Eclipse Platform installation and the... High Unreviewed
CVE-2021-41037 was published Jul 9, 2022
Anki Latex Incomplete Blocklist Vulnerability Moderate
CVE-2024-29073 was published for anki (pip) Jul 22, 2024
Jayy001
Zen Cart findPluginAdminPage Local File Inclusion Remote Code Execution Vulnerability. This... High Unreviewed
CVE-2024-5762 was published Aug 21, 2024
Execution of downloaded content flaw in M-Files Web Companion before release version 23.10 and... High Unreviewed
CVE-2023-5523 was published Oct 20, 2023
The Clean Login plugin for WordPress is vulnerable to Local File Inclusion in all versions up to,... High Unreviewed
CVE-2024-8252 was published Aug 30, 2024
Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server... High Unreviewed
CVE-2024-43690 was published Sep 11, 2024
The HTTPD binary in multiple ZTE routers has a local file inclusion vulnerability in session_init... High Unreviewed
CVE-2024-45416 was published Sep 16, 2024
Inclusion of functionality from untrusted control sphere vulnerability in OpenSSL DLL component... High Unreviewed
CVE-2022-49038 was published Sep 26, 2024
ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an... Critical Unreviewed
CVE-2024-9537 was published Oct 18, 2024
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2024-49243 was published Oct 18, 2024
Improper Locking in JetBrains Kotlin Moderate
CVE-2022-24329 was published for org.jetbrains.kotlin:kotlin-stdlib (Maven) Feb 26, 2022
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File... High Unreviewed
CVE-2024-50497 was published Oct 28, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database