Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,083
Erlang
29
GitHub Actions
19
Go
1,909
Maven
5,000+
npm
3,643
NuGet
638
pip
3,260
Pub
10
RubyGems
869
Rust
820
Swift
35
Unreviewed advisories
All unreviewed
5,000+

112 advisories

Loading
External Control of File Name or Path in h2oai/h2o-3 Critical
CVE-2023-6569 was published for h2o (pip) Dec 14, 2023
This external control vulnerability, if exploited, could allow a local OS-authenticated user... Moderate Unreviewed
CVE-2023-34982 was published Nov 15, 2023
Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple... High Unreviewed
CVE-2023-5247 was published Nov 30, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit... High Unreviewed
CVE-2023-40194 was published Nov 27, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit... High Unreviewed
CVE-2023-35985 was published Nov 27, 2023
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356.... High Unreviewed
CVE-2023-39542 was published Nov 27, 2023
A vulnerability, which was classified as critical, has been found in SourceCodester Resort... Moderate Unreviewed
CVE-2023-4191 was published Aug 7, 2023
A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0... Moderate Unreviewed
CVE-2023-2152 was published Apr 18, 2023
External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0. High Unreviewed
CVE-2023-2554 was published May 5, 2023
A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This... High Unreviewed
CVE-2023-3643 was published Jul 12, 2023
Cortex's Alertmanager can expose local files content via specially crafted config Moderate
CVE-2022-23536 was published for github.com/cortexproject/cortex (Go) Dec 19, 2022
aus
ingress-nginx component for Kubernetes allows file overwrite Moderate
CVE-2020-8553 was published for k8s.io/ingress-nginx (Go) May 24, 2022
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary... Moderate Unreviewed
CVE-2022-2943 was published Sep 7, 2022
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar... Moderate Unreviewed
CVE-2022-0377 was published Mar 1, 2022
Dompdf before v2.0.0 vulnerable to chroot check bypass Moderate
CVE-2022-2400 was published for dompdf/dompdf (Composer) Jul 19, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on... Moderate Unreviewed
CVE-2021-27250 was published May 24, 2022
Yapscan's report receiver server vulnerable to path traversal and log injection High
GHSA-9h6h-9g78-86f7 was published for github.com/fkie-cad/yapscan (Go) Dec 29, 2022
tdunlap607
Juju controller - Arbitrary file reading vulnerability Moderate
CVE-2023-0092 was published for github.com/juju/juju (Go) Mar 1, 2023
yhy0
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in... Moderate Unreviewed
CVE-2021-4332 was published Mar 7, 2023
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3. High Unreviewed
CVE-2023-1105 was published Mar 1, 2023
TeamPass External Control of File Name or Path vulnerability High
CVE-2023-1070 was published for nilsteampassnet/teampass (Composer) Feb 27, 2023
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights Moderate
CVE-2021-21343 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Arbitrary File Read in html-pdf High
CVE-2019-15138 was published for html-pdf (npm) Oct 11, 2019
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of... Moderate Unreviewed
CVE-2022-32761 was published Aug 23, 2022
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up... High Unreviewed
CVE-2022-2431 was published Sep 7, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database