Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

34 advisories

Loading
The Qi Addons For Elementor plugin for WordPress is vulnerable to Remote File Inclusion in all... High Unreviewed
CVE-2024-4887 was published Jun 7, 2024
Avast Premium Security Sandbox Protection Link Following Privilege Escalation Vulnerability. This... High Unreviewed
CVE-2023-42125 was published May 3, 2024
An issue was discovered in Janus through 0.9.1. janus.c tries to use a string that doesn't... Critical Unreviewed
CVE-2020-10574 was published May 24, 2022
The Java API in Generalitat de Catalunya accesuniversitat.gencat.cat 1.7.5 allows remote... Moderate Unreviewed
CVE-2019-12837 was published May 24, 2022
A file-rename filter bypass exists in admin/media/rename.php in WBCE CMS 1.4.0 and earlier. This... High Unreviewed
CVE-2019-17575 was published May 24, 2022
A use of incorrectly resolved name vulnerability fixed in 7.83.1 might remove the wrong file when... High Unreviewed
CVE-2022-27778 was published Jun 3, 2022
libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse,... High Unreviewed
CVE-2021-22924 was published May 24, 2022
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. checkout.c mishandles... High Unreviewed
CVE-2020-12279 was published May 24, 2022
An issue was discovered in libgit2 before 0.28.4 and 0.9x before 0.99.0. path.c mishandles... High Unreviewed
CVE-2020-12278 was published May 24, 2022
MobileIron Core and Connector before 10.3.0.4, 10.4.x before 10.4.0.4, 10.5.x before 10.5.1.1, 10... High Unreviewed
CVE-2020-15505 was published May 24, 2022
Improper Resolution of Path Equivalence in GitHub repository microweber-dev/whmcs_plugin prior to... Moderate Unreviewed
CVE-2022-0855 was published Mar 5, 2022
Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0... Moderate Unreviewed
CVE-2018-6112 was published May 13, 2022
An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. An... Moderate Unreviewed
CVE-2020-35566 was published May 24, 2022
An issue was discovered in OFCMS before 1.1.3. Remote attackers can execute arbitrary code... High Unreviewed
CVE-2019-9616 was published May 13, 2022
A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic... Moderate Unreviewed
CVE-2019-0816 was published May 13, 2022
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly... High Unreviewed
CVE-2019-0571 was published May 13, 2022
A vulnerability in the file type detection mechanism of the Cisco Advanced Malware Protection ... Moderate Unreviewed
CVE-2018-0237 was published May 13, 2022
An issue was discovered in WTCMS 1.0. It allows remote attackers to execute arbitrary PHP code by... Critical Unreviewed
CVE-2019-8908 was published May 13, 2022
MyWebSQL 3.7 has a remote code execution (RCE) vulnerability after an attacker writes shell code... Critical Unreviewed
CVE-2019-7731 was published May 13, 2022
mainproc.c in GnuPG before 2.2.8 mishandles the original filename during decryption and... High Unreviewed
CVE-2018-12020 was published May 13, 2022
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V1 of... Critical Unreviewed
CVE-2022-30257 was published Nov 22, 2022
An issue was discovered in Technitium DNS Server through 8.0.2 that allows variant V2 of... Critical Unreviewed
CVE-2022-30258 was published Nov 22, 2022
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR)... Moderate Unreviewed
CVE-2021-37215 was published May 24, 2022
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.... Moderate Unreviewed
CVE-2021-37213 was published May 24, 2022
The employee management page of Flygo contains Insecure Direct Object Reference (IDOR)... High Unreviewed
CVE-2021-37214 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database