GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,134
Erlang
29
GitHub Actions
19
Go
1,941
Maven
5,000+
npm
3,681
NuGet
650
pip
3,298
Pub
11
RubyGems
877
Rust
830
Swift
35
Unreviewed advisories
All unreviewed
5,000+
261 advisories
Filter by severity
In Lima, a malicious disk image could read a single file on the host filesystem as a qcow2/vmdk backing file
Low
CVE-2023-32684
was published
for
github.com/lima-vm/lima
(Go)
May 31, 2023
A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some...
Moderate
Unreviewed
CVE-2023-2766
was published
May 17, 2023
The KIWIZ Invoices Certification & PDF System WordPress plugin through 2.1.3 does not validate...
High
Unreviewed
CVE-2023-2180
was published
May 15, 2023
A vulnerability has been identified in SIMATIC Cloud Connect 7 CC712 (All versions >= V2.0 < V2.1...
Moderate
Unreviewed
CVE-2023-29107
was published
May 9, 2023
Osprey Pump Controller version 1.01 is vulnerable to an unauthenticated file disclosure. Using a...
High
Unreviewed
CVE-2023-28375
was published
Mar 28, 2023
amano Xparc parking solutions 7.1.3879 was discovered to be vulnerable to local file inclusion.
High
Unreviewed
CVE-2023-23330
was published
Mar 28, 2023
Files or Directories Accessible to External Parties vulnerability in Saysis Starcities allows...
High
Unreviewed
CVE-2023-1246
was published
Mar 10, 2023
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the...
High
Unreviewed
CVE-2023-26948
was published
Mar 9, 2023
onekeyadmin v1.3.9 was discovered to contain an arbitrary file read vulnerability via the...
High
Unreviewed
CVE-2023-26956
was published
Mar 8, 2023
The Correos Oficial WordPress plugin through 1.2.0.2 does not have an authorization check user...
High
Unreviewed
CVE-2023-0331
was published
Feb 27, 2023
A Path Traversal in setup.php in OpenEMR < 7.0.0 allows remote unauthenticated users to read...
High
Unreviewed
CVE-2023-22974
was published
Feb 22, 2023
The affected product DIAEnergie (versions prior to v1.9.03.001) contains improper authorization,...
High
Unreviewed
CVE-2023-0822
was published
Feb 17, 2023
CRMEB 4.4.4 is vulnerable to Any File download.
High
Unreviewed
CVE-2022-44343
was published
Feb 6, 2023
lmxcms v1.41 was discovered to contain an arbitrary file read vulnerability via TemplateAction...
Moderate
Unreviewed
CVE-2022-48094
was published
Feb 1, 2023
Easy Images v2.0 was discovered to contain an arbitrary file download vulnerability via the...
High
Unreviewed
CVE-2022-48161
was published
Feb 1, 2023
The All-In-One Security (AIOS) WordPress plugin before 5.1.3 leaked settings of the plugin...
Moderate
Unreviewed
CVE-2022-4346
was published
Jan 23, 2023
OpenStack Swift XML external entities (XXE) Injection
Moderate
CVE-2022-47950
was published
for
swift
(pip)
Jan 18, 2023
A vulnerability exists in the FTP server of the Zyxel AX7501-B0 firmware prior to V5.17(ABPC.3)C0...
Moderate
Unreviewed
CVE-2022-45440
was published
Jan 17, 2023
GitOps Run allows for Kubernetes workload injection
High
CVE-2022-23508
was published
for
github.com/weaveworks/weave-gitops
(Go)
Jan 9, 2023
A Local File Inclusion vulnerability has been found in Axiell Iguana CMS. Due to insufficient...
Moderate
Unreviewed
CVE-2022-45052
was published
Jan 4, 2023
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it...
Moderate
Unreviewed
CVE-2022-4236
was published
Jan 3, 2023
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it...
High
Unreviewed
CVE-2022-4140
was published
Jan 3, 2023
Some Dahua software products have a vulnerability of unrestricted download of file. After...
Moderate
Unreviewed
CVE-2022-45426
was published
Dec 27, 2022
The Wholesale Market for WooCommerce WordPress plugin before 1.0.8 does not validate user input...
Moderate
Unreviewed
CVE-2022-4108
was published
Dec 19, 2022
The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation...
High
Unreviewed
CVE-2022-4106
was published
Dec 19, 2022
ProTip!
Advisories are also available from the
GraphQL API