Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,224
Erlang
31
GitHub Actions
19
Go
1,990
Maven
5,000+
npm
3,706
NuGet
661
pip
3,336
Pub
11
RubyGems
884
Rust
845
Swift
36
Unreviewed advisories
All unreviewed
5,000+

100 advisories

Loading
Artifact Hub has Incorrect Docker Hub registry check Moderate
CVE-2023-45821 was published for github.com/artifacthub/hub (Go) Oct 19, 2023
dejanzelic
Synel Terminals - CWE-494: Download of Code Without Integrity Check Critical Unreviewed
CVE-2023-37220 was published Sep 3, 2023
Download of Code Without Integrity Check vulnerability in Genians Genian NAC V4.0, Genians Genian... Critical Unreviewed
CVE-2023-40254 was published Aug 11, 2023
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 a remote attacker with... High Unreviewed
CVE-2023-37864 was published Aug 9, 2023
Gin Web Framework does not properly sanitize filename parameter of Context.FileAttachment function Moderate
CVE-2023-29401 was published for github.com/gin-gonic/gin (Go) May 12, 2023
adam-baxter_cbais godwhoa
jetzlstorfer danieljmt raph6
A download of code without Integrity check vulnerability [CWE-494] in FortiClientMac version 7.0... High Unreviewed
CVE-2023-22635 was published Apr 11, 2023
RuoYi vulnerable to arbitrary file download High
CVE-2023-27025 was published for com.ruoyi:ruoyi (Maven) Apr 2, 2023
An exploitable firmware modification vulnerability was discovered in WNR612v2 Wireless Routers... High Unreviewed
CVE-2023-23110 was published Feb 2, 2023
Certain General Electric Renewable Energy products download firmware without an integrity check.... Critical Unreviewed
CVE-2022-24117 was published Dec 26, 2022
TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute... Moderate Unreviewed
CVE-2022-46430 was published Dec 20, 2022
TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary... Moderate Unreviewed
CVE-2022-46428 was published Dec 20, 2022
Rapid7 Nexpose versions prior to 6.6.172 failed to reliably validate the authenticity of update... Moderate Unreviewed
CVE-2022-4261 was published Dec 8, 2022
Sinatra vulnerable to Reflected File Download attack High
CVE-2022-45442 was published for sinatra (RubyGems) Nov 30, 2022
motoyasu-saburi
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated... High Unreviewed
CVE-2022-40799 was published Nov 29, 2022
A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services... Moderate Unreviewed
CVE-2022-38199 was published Oct 25, 2022
An arbitrary file download vulnerability in the downloadAction() function of Penta Security... Moderate Unreviewed
CVE-2022-31324 was published Sep 14, 2022
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the... High Unreviewed
CVE-2022-36671 was published Sep 2, 2022
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via... High Unreviewed
CVE-2021-45027 was published Sep 2, 2022
Django vulnerable to Reflected File Download attack High
CVE-2022-36359 was published for Django (pip) Aug 11, 2022
sunSUNQ levpachmanov
Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient... Critical Unreviewed
CVE-2022-30315 was published Jul 29, 2022
IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop... Moderate Unreviewed
CVE-2022-24140 was published Jul 7, 2022
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4... High Unreviewed
CVE-2021-35532 was published Jun 8, 2022
Caphyon Ltd Advanced Installer 19.2 was discovered to contain a remote code execution (RCE)... High Unreviewed
CVE-2022-27438 was published Jun 7, 2022
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on... High Unreviewed
CVE-2020-28213 was published May 24, 2022
DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote... High Unreviewed
CVE-2020-7875 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database