GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,330
Erlang
31
GitHub Actions
21
Go
2,091
Maven
5,000+
npm
3,756
NuGet
678
pip
3,443
Pub
12
RubyGems
892
Rust
882
Swift
37
Unreviewed advisories
All unreviewed
5,000+
68 advisories
Filter by severity
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in...
Moderate
Unreviewed
CVE-2021-4332
was published
Mar 7, 2023
Juju controller - Arbitrary file reading vulnerability
Moderate
CVE-2023-0092
was published
for
github.com/juju/juju
(Go)
Mar 1, 2023
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an...
Moderate
Unreviewed
CVE-2023-0003
was published
Feb 8, 2023
Cortex's Alertmanager can expose local files content via specially crafted config
Moderate
CVE-2022-23536
was published
for
github.com/cortexproject/cortex
(Go)
Dec 19, 2022
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary...
Moderate
Unreviewed
CVE-2022-2943
was published
Sep 7, 2022
The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be...
Moderate
Unreviewed
CVE-2022-2638
was published
Aug 29, 2022
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of...
Moderate
Unreviewed
CVE-2022-32761
was published
Aug 23, 2022
An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6...
Moderate
Unreviewed
CVE-2022-28710
was published
Aug 23, 2022
Dompdf before v2.0.0 vulnerable to chroot check bypass
Moderate
CVE-2022-2400
was published
for
dompdf/dompdf
(Composer)
Jul 19, 2022
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of...
Moderate
Unreviewed
CVE-2022-34765
was published
Jul 14, 2022
This vulnerability allows network-adjacent attackers to disclose sensitive information on...
Moderate
Unreviewed
CVE-2021-27250
was published
May 24, 2022
ingress-nginx component for Kubernetes allows file overwrite
Moderate
CVE-2020-8553
was published
for
k8s.io/ingress-nginx
(Go)
May 24, 2022
The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported...
Moderate
Unreviewed
CVE-2022-0246
was published
Apr 12, 2022
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to...
Moderate
Unreviewed
CVE-2021-24966
was published
Mar 15, 2022
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form...
Moderate
Unreviewed
CVE-2022-0593
was published
Mar 15, 2022
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar...
Moderate
Unreviewed
CVE-2022-0377
was published
Mar 1, 2022
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights
Moderate
CVE-2021-21343
was published
for
com.thoughtworks.xstream:xstream
(Maven)
Mar 22, 2021
Arbitrary File Deletion vulnerability in OctoberCMS
Moderate
CVE-2020-5296
was published
for
october/cms
(Composer)
Jun 3, 2020
ProTip!
Advisories are also available from the
GraphQL API