GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,643
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+
112 advisories
Filter by severity
External Control of File Name or Path in h2oai/h2o-3
Critical
CVE-2023-6569
was published
for
h2o
(pip)
Dec 14, 2023
This external control vulnerability, if exploited, could allow a local OS-authenticated user...
Moderate
Unreviewed
CVE-2023-34982
was published
Nov 15, 2023
Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple...
High
Unreviewed
CVE-2023-5247
was published
Nov 30, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit...
High
Unreviewed
CVE-2023-40194
was published
Nov 27, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit...
High
Unreviewed
CVE-2023-35985
was published
Nov 27, 2023
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356....
High
Unreviewed
CVE-2023-39542
was published
Nov 27, 2023
A vulnerability, which was classified as critical, has been found in SourceCodester Resort...
Moderate
Unreviewed
CVE-2023-4191
was published
Aug 7, 2023
A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0...
Moderate
Unreviewed
CVE-2023-2152
was published
Apr 18, 2023
External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0.
High
Unreviewed
CVE-2023-2554
was published
May 5, 2023
A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This...
High
Unreviewed
CVE-2023-3643
was published
Jul 12, 2023
Cortex's Alertmanager can expose local files content via specially crafted config
Moderate
CVE-2022-23536
was published
for
github.com/cortexproject/cortex
(Go)
Dec 19, 2022
ingress-nginx component for Kubernetes allows file overwrite
Moderate
CVE-2020-8553
was published
for
k8s.io/ingress-nginx
(Go)
May 24, 2022
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary...
Moderate
Unreviewed
CVE-2022-2943
was published
Sep 7, 2022
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar...
Moderate
Unreviewed
CVE-2022-0377
was published
Mar 1, 2022
Dompdf before v2.0.0 vulnerable to chroot check bypass
Moderate
CVE-2022-2400
was published
for
dompdf/dompdf
(Composer)
Jul 19, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on...
Moderate
Unreviewed
CVE-2021-27250
was published
May 24, 2022
Yapscan's report receiver server vulnerable to path traversal and log injection
High
GHSA-9h6h-9g78-86f7
was published
for
github.com/fkie-cad/yapscan
(Go)
Dec 29, 2022
Juju controller - Arbitrary file reading vulnerability
Moderate
CVE-2023-0092
was published
for
github.com/juju/juju
(Go)
Mar 1, 2023
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in...
Moderate
Unreviewed
CVE-2021-4332
was published
Mar 7, 2023
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.
High
Unreviewed
CVE-2023-1105
was published
Mar 1, 2023
TeamPass External Control of File Name or Path vulnerability
High
CVE-2023-1070
was published
for
nilsteampassnet/teampass
(Composer)
Feb 27, 2023
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
Moderate
CVE-2021-21343
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of...
Moderate
Unreviewed
CVE-2022-32761
was published
Aug 23, 2022
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up...
High
Unreviewed
CVE-2022-2431
was published
Sep 7, 2022
ProTip!
Advisories are also available from the
GraphQL API