GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
578 advisories
The downloadZip function in application/controllers/admin/export.php in LimeSurvey through 3.16.1...
Critical, Unreviewed. CVE-2019-9960 was published May 13, 2022

An Insecure Direct Object Reference (IDOR) vulnerability exists in Zoho ManageEngine ServiceDesk...
Critical, Unreviewed. CVE-2019-8395 was published May 13, 2022

An Information Disclosure / Data Modification issue exists in article2pdf_getfile.php in the...
Critical, Unreviewed. CVE-2019-1010257 was published May 13, 2022

In OnlineJudge 2.0, the sandbox has an incorrect access control vulnerability that can write a...
Critical, Unreviewed. CVE-2018-16367 was published May 13, 2022

The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly...
Critical, Unreviewed. CVE-2015-9266 was published May 13, 2022

Multiple directory traversal vulnerabilities in Trend Micro Smart Protection Server 2.5 before...
Critical, Unreviewed. CVE-2016-6269 was published May 13, 2022

The Widget Connector macro in Atlassian Confluence Server before version 6.6.12 (the fixed...
Critical, Unreviewed. CVE-2019-3396 was published May 13, 2022

Sysaid – Sysaid Local File Inclusion (LFI) – An unauthenticated attacker can access to the system...
Critical, Unreviewed. CVE-2022-23166 was published May 13, 2022

MicroStrategy Enterprise Manager 2022 allows authentication bypass by triggering a login failure...
Critical, Unreviewed. CVE-2022-29596 was published May 12, 2022

The lack of sanitization in a relative url path in a search parameter allows for arbitrary...
Critical, Unreviewed. CVE-2022-26889 was published May 7, 2022

A Symlink Traversal vulnerability exists in NETGEAR Centria WNDR4700 Firmware 1.0.0.34.
Critical, Unreviewed. CVE-2013-3073 was published May 5, 2022

Symlink Traversal vulnerability in TP-LINK TL-WDR4300 and TL-1043ND..
Critical, Unreviewed. CVE-2013-4654 was published May 5, 2022

Linksys EA6500 has SMB Symlink Traversal allowing symbolic links to be created to locations...
Critical, Unreviewed. CVE-2013-4658 was published May 5, 2022

The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass...
Critical, Unreviewed. CVE-2004-0847 was published Apr 29, 2022

ZoneMinder before 1.36.13 allows remote code execution via an invalid language.
Critical, Unreviewed. CVE-2022-29806 was published Apr 27, 2022

The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter...
Critical, Unreviewed. CVE-2022-1391 was published Apr 26, 2022

The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter...
Critical, Unreviewed. CVE-2022-1390 was published Apr 26, 2022

Certain WSO2 products allow unrestricted file upload with resultant remote code execution. This...
Critical, Unreviewed. CVE-2022-29464 was published Apr 20, 2022

An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a...
Critical, Unreviewed. CVE-2021-43290 was published Apr 15, 2022

CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes...
Critical, Unreviewed. CVE-2021-43741 was published Apr 14, 2022

A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')...
Critical, Unreviewed. CVE-2021-22794 was published Apr 14, 2022

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain...
Critical, Unreviewed. CVE-2022-27277 was published Apr 11, 2022

Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which...
Critical, Unreviewed. CVE-2021-36288 was published Apr 9, 2022

The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path...
Critical, Unreviewed. CVE-2022-0679 was published Mar 29, 2022

ProTip! Advisories are also available from the GraphQL API.