GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

All reviewed 20,614
Composer 4,224
Erlang 31
GitHub Actions 19
Go 1,990
Maven 5,170
npm 3,706
NuGet 661
pip 3,336
Pub 11
RubyGems 884
Rust 845
Swift 36

Unreviewed advisories

All unreviewed 234,503

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Filter advisories

GitHub reviewed advisories

Unreviewed advisories

All unreviewed

5,000+

Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

81 advisories

Filter by severity

Sort by

Least recently updated

CuppaCMS v1.0 was discovered to contain a local file inclusion via the url parameter in /alerts... High Unreviewed

CVE-2022-25485 was published Mar 16, 2022

An attacker with the ability to modify a user program may change user program code on some... Critical Unreviewed

CVE-2022-1161 was published Apr 12, 2022

Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by... High Unreviewed

CVE-2018-12120 was published May 13, 2022

A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote,... Moderate Unreviewed

CVE-2021-29113 was published Dec 8, 2021

Honeywell Alerton Ascent Control Module (ACM) through 2022-05-04 allows unauthenticated... High Unreviewed

CVE-2022-30244 was published Jul 16, 2022

Honeywell Alerton Visual Logic through 2022-05-04 allows unauthenticated programming writes from... High Unreviewed

CVE-2022-30243 was published Jul 16, 2022

Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64... High Unreviewed

CVE-2022-33317 was published Jul 21, 2022

Cuppa CMS v1.0 was discovered to contain a local file inclusion (LFI) vulnerability via the... High Unreviewed

CVE-2022-34121 was published Jul 28, 2022

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user... Moderate Unreviewed

CVE-2022-37191 was published Sep 14, 2022

If an image had not loaded correctly (such as when it is not actually an image), it could be... Moderate Unreviewed

CVE-2019-17014 was published May 24, 2022

Certain General Electric Renewable Energy products have a hidden feature for unauthenticated... Critical Unreviewed

CVE-2022-24119 was published Dec 26, 2022

IBM Maximo for Civil Infrastructure 7.6.2 includes executable functionality (such as a library)... High Unreviewed

CVE-2021-20443 was published May 24, 2022

IBM Cognos Analytics 11.0 and 11.1 DQM API allows submitting of all control requests in... Critical Unreviewed

CVE-2020-4561 was published May 24, 2022

Inappropriate implementation in Offline in Google Chrome on Android prior to 90.0.4430.212... High Unreviewed

CVE-2021-30507 was published May 24, 2022

An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience... Moderate Unreviewed

CVE-2021-31927 was published May 24, 2022

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5... Moderate Unreviewed

CVE-2021-29777 was published May 24, 2022

Local file inclusion exists in Kaseya VSA before 9.5.6. High Unreviewed

CVE-2021-30121 was published May 24, 2022

iDrive RemotePC before 7.6.48 on Windows allows privilege escalation. A local and low-privileged... High Unreviewed

CVE-2021-34692 was published May 24, 2022

A local file inclusion (LFI) vulnerability exists in the options.php script functionality of... Critical Unreviewed

CVE-2021-21804 was published May 24, 2022

NVIDIA DCGM contains a vulnerability in the DIAG module where any user can inject shared... High Unreviewed

CVE-2021-34398 was published May 24, 2022

The wp-publications WordPress plugin is vulnerable to restrictive local file inclusion via the... High Unreviewed

CVE-2021-38360 was published May 24, 2022

In the kernel in Insyde InsydeH2O 5.x, certain SMM drivers did not correctly validate the... High Unreviewed

CVE-2021-33626 was published May 24, 2022

SAS/Intrnet 9.4 build 1520 and earlier allows Local File Inclusion. The samples library (included... High Unreviewed

CVE-2021-41569 was published May 24, 2022

Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier,... Moderate Unreviewed

CVE-2021-20843 was published May 24, 2022

The NetConfig UI administrative interface in Extreme Networks ExtremeWireless Aerohive HiveOS and... Critical Unreviewed

CVE-2020-16152 was published May 24, 2022

Previous 1 2 3 4 Next

ProTip! Advisories are also available from the GraphQL API

CC-BY-4.0 License

Language support

About GitHub Advisory Database

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

GitHub Advisory Database

GitHub reviewed advisories

Unreviewed advisories

81 advisories