GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,279
Erlang
31
GitHub Actions
21
Go
2,056
Maven
5,000+
npm
3,740
NuGet
668
pip
3,421
Pub
12
RubyGems
891
Rust
873
Swift
36
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
104 advisories
Filter by severity
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to...
Moderate
Unreviewed
CVE-2021-24966
was published
Mar 15, 2022
The Login with phone number WordPress plugin before 1.3.7 includes a file delete.php with no form...
Moderate
Unreviewed
CVE-2022-0593
was published
Mar 15, 2022
The settings of the iQ Block Country WordPress plugin before 1.2.13 can be exported or imported...
Moderate
Unreviewed
CVE-2022-0246
was published
Apr 12, 2022
A vulnerability, which was classified as critical, was found in soshtolsus wing-tight. This...
Critical
Unreviewed
CVE-2014-125044
was published
Jan 5, 2023
A CWE-73: External Control of File Name or Path vulnerability exists that could cause loading of...
Moderate
Unreviewed
CVE-2022-34765
was published
Jul 14, 2022
ws-scrcpy is vulnerable to External Control of File Name or Path
High
Unreviewed
CVE-2021-3845
was published
Jan 5, 2022
A vulnerability, which was classified as problematic, has been found in sternenseemann...
Critical
Unreviewed
CVE-2014-125059
was published
Jan 7, 2023
An information disclosure vulnerability exists in the chunkFile functionality of WWBN AVideo 11.6...
Moderate
Unreviewed
CVE-2022-28710
was published
Aug 23, 2022
The Export All URLs WordPress plugin before 4.4 does not validate the path of the file to be...
Moderate
Unreviewed
CVE-2022-2638
was published
Aug 29, 2022
There are multiple API function codes that permit reading and writing data to or from files and...
Critical
Unreviewed
CVE-2021-38477
was published
May 24, 2022
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up...
High
Unreviewed
CVE-2022-2431
was published
Sep 7, 2022
An information disclosure vulnerability exists in the aVideoEncoderReceiveImage functionality of...
Moderate
Unreviewed
CVE-2022-32761
was published
Aug 23, 2022
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3.
High
Unreviewed
CVE-2023-1105
was published
Mar 1, 2023
The Plus Addons for Elementor plugin for WordPress is vulnerable to arbitrary file reads in...
Moderate
Unreviewed
CVE-2021-4332
was published
Mar 7, 2023
This vulnerability allows network-adjacent attackers to disclose sensitive information on...
Moderate
Unreviewed
CVE-2021-27250
was published
May 24, 2022
Users of the LearnPress WordPress plugin before 4.1.5 can upload an image as a profile avatar...
Moderate
Unreviewed
CVE-2022-0377
was published
Mar 1, 2022
The WordPress Infinite Scroll – Ajax Load More plugin for Wordpress is vulnerable to arbitrary...
Moderate
Unreviewed
CVE-2022-2943
was published
Sep 7, 2022
A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This...
High
Unreviewed
CVE-2023-3643
was published
Jul 12, 2023
External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0.
High
Unreviewed
CVE-2023-2554
was published
May 5, 2023
A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0...
Moderate
Unreviewed
CVE-2023-2152
was published
Apr 18, 2023
A vulnerability, which was classified as critical, has been found in SourceCodester Resort...
Moderate
Unreviewed
CVE-2023-4191
was published
Aug 7, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit...
High
Unreviewed
CVE-2023-35985
was published
Nov 27, 2023
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356....
High
Unreviewed
CVE-2023-39542
was published
Nov 27, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit...
High
Unreviewed
CVE-2023-40194
was published
Nov 27, 2023
Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple...
High
Unreviewed
CVE-2023-5247
was published
Nov 30, 2023
ProTip!
Advisories are also available from the
GraphQL API