Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,205
Erlang
31
GitHub Actions
19
Go
1,986
Maven
5,000+
npm
3,703
NuGet
661
pip
3,329
Pub
11
RubyGems
884
Rust
843
Swift
36
Unreviewed advisories
All unreviewed
5,000+

120 advisories

Loading
Juju controller - Arbitrary file reading vulnerability Moderate
CVE-2023-0092 was published for github.com/juju/juju (Go) Mar 1, 2023
yhy0
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in... Moderate Unreviewed
CVE-2021-4332 was published Mar 7, 2023
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3. High Unreviewed
CVE-2023-1105 was published Mar 1, 2023
TeamPass External Control of File Name or Path vulnerability High
CVE-2023-1070 was published for nilsteampassnet/teampass (Composer) Feb 27, 2023
XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights Moderate
CVE-2021-21343 was published for com.thoughtworks.xstream:xstream (Maven) Mar 22, 2021
Arbitrary File Read in html-pdf High
CVE-2019-15138 was published for html-pdf (npm) Oct 11, 2019
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of... Moderate Unreviewed
CVE-2022-32761 was published Aug 23, 2022
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up... High Unreviewed
CVE-2022-2431 was published Sep 7, 2022
There are multiple API function codes that permit reading and writing data to or from files and... Critical Unreviewed
CVE-2021-38477 was published May 24, 2022
The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be... Moderate Unreviewed
CVE-2022-2638 was published Aug 29, 2022
An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6... Moderate Unreviewed
CVE-2022-28710 was published Aug 23, 2022
A vulnerability, which was classified as problematic, has been found in sternenseemann... Critical Unreviewed
CVE-2014-125059 was published Jan 7, 2023
ws-scrcpy is vulnerable to External Control of File Name or Path High Unreviewed
CVE-2021-3845 was published Jan 5, 2022
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of... Moderate Unreviewed
CVE-2022-34765 was published Jul 14, 2022
A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This... Critical Unreviewed
CVE-2014-125044 was published Jan 5, 2023
The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported... Moderate Unreviewed
CVE-2022-0246 was published Apr 12, 2022
Upload whitelisted files to any directory in OctoberCMS Low
CVE-2020-5297 was published for october/cms (Composer) Jun 3, 2020
staz0t
Arbitrary File Deletion vulnerability in OctoberCMS Moderate
CVE-2020-5296 was published for october/cms (Composer) Jun 3, 2020
staz0t
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form... Moderate Unreviewed
CVE-2022-0593 was published Mar 15, 2022
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to... Moderate Unreviewed
CVE-2021-24966 was published Mar 15, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database