GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
118 advisories
TP-Link TL-WR1043ND V1 3.13.15 and earlier allows authenticated attackers to execute arbitrary...
Moderate | Unreviewed | CVE-2022-46428 was published Dec 20, 2022

TP-Link TL-WR740N V1 and V2 v3.12.4 and earlier allows authenticated attackers to execute...
Moderate | Unreviewed | CVE-2022-46430 was published Dec 20, 2022

An authenticated attacker can impact the integrity of the ArubaOS bootloader on 7xxx series...
Moderate | Unreviewed | CVE-2022-37908 was published Dec 12, 2022

Rapid7 Nexpose versions prior to 6.6.172 failed to reliably validate the authenticity of update...
Moderate | Unreviewed | CVE-2022-4261 was published Dec 8, 2022

Sinatra vulnerable to Reflected File Download attack
High | CVE-2022-45442 was published for sinatra (RubyGems) Nov 30, 2022

Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated...
High | Unreviewed | CVE-2022-40799 was published Nov 29, 2022

A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services...
Moderate | Unreviewed | CVE-2022-38199 was published Oct 25, 2022

An arbitrary file download vulnerability in the downloadAction() function of Penta Security...
Moderate | Unreviewed | CVE-2022-31324 was published Sep 14, 2022

Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the...
High | Unreviewed | CVE-2022-36671 was published Sep 2, 2022

An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via...
High | Unreviewed | CVE-2021-45027 was published Sep 2, 2022

Django vulnerable to Reflected File Download attack
High | CVE-2022-36359 was published for Django (pip) Aug 11, 2022

Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient...
Critical | Unreviewed | CVE-2022-30315 was published Jul 29, 2022

IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop...
Moderate | Unreviewed | CVE-2022-24140 was published Jul 7, 2022

A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4...
High | Unreviewed | CVE-2021-35532 was published Jun 8, 2022

Caphyon Ltd Advanced Installer 19.2 was discovered to contain a remote code execution (RCE)...
High | Unreviewed | CVE-2022-27438 was published Jun 7, 2022

A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on...
High | Unreviewed | CVE-2020-28213 was published May 24, 2022

DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote...
High | Unreviewed | CVE-2020-7875 was published May 24, 2022

Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of...
High | Unreviewed | CVE-2020-7874 was published May 24, 2022

Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd...
Critical | Unreviewed | CVE-2020-7873 was published May 24, 2022

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur...
Moderate | Unreviewed | CVE-2021-30657 was published May 24, 2022

This issue was addressed with improved handling of file metadata. This issue is fixed in macOS...
Moderate | Unreviewed | CVE-2021-30658 was published May 24, 2022

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur...
Moderate | Unreviewed | CVE-2021-30669 was published May 24, 2022

In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC...
High | Unreviewed | CVE-2021-38588 was published May 24, 2022

Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A...
High | Unreviewed | CVE-2021-33879 was published May 24, 2022

An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint...
Moderate | Unreviewed | CVE-2021-3485 was published May 24, 2022