Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+

45 advisories

Loading
Arbitrary File Read in html-pdf High
CVE-2019-15138 was published for html-pdf (npm) Oct 11, 2019
Externally Controlled Reference to a Resource in Another Sphere, Improper Input Validation, and External Control of File Name or Path in Ansible High
CVE-2019-14905 was published for ansible (pip) Apr 20, 2021
ws-scrcpy is vulnerable to External Control of File Name or Path High Unreviewed
CVE-2021-3845 was published Jan 5, 2022
The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up... High Unreviewed
CVE-2022-2431 was published Sep 7, 2022
Yapscan's report receiver server vulnerable to path traversal and log injection High
GHSA-9h6h-9g78-86f7 was published for github.com/fkie-cad/yapscan (Go) Dec 29, 2022
tdunlap607
A vulnerability has been identified in Automation License Manager V5 (All versions), Automation... High Unreviewed
CVE-2022-43513 was published Jan 10, 2023
TeamPass External Control of File Name or Path vulnerability High
CVE-2023-1070 was published for nilsteampassnet/teampass (Composer) Feb 27, 2023
External Control of File Name or Path in GitHub repository flatpressblog/flatpress prior to 1.3. High Unreviewed
CVE-2023-1105 was published Mar 1, 2023
External Control of File Name or Path in GitHub repository unilogies/bumsys prior to 2.2.0. High Unreviewed
CVE-2023-2554 was published May 5, 2023
Zoom VDI client installer prior to 5.14.0 contains an improper access control vulnerability. A... High Unreviewed
CVE-2023-28603 was published Jun 13, 2023
Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of... High Unreviewed
CVE-2023-3256 was published Jun 22, 2023
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics... High Unreviewed
CVE-2022-42732 was published Jul 6, 2023
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics... High Unreviewed
CVE-2022-42893 was published Jul 6, 2023
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics... High Unreviewed
CVE-2022-42734 was published Jul 6, 2023
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics... High Unreviewed
CVE-2022-42733 was published Jul 6, 2023
A vulnerability has been identified in syngo Dynamics (All versions < VA40G HF01). syngo Dynamics... High Unreviewed
CVE-2022-42891 was published Jul 6, 2023
A vulnerability was found in Boss Mini 1.4.0 Build 6221. It has been classified as critical. This... High Unreviewed
CVE-2023-3643 was published Jul 12, 2023
A file write vulnerability exists in the OAS Engine configuration functionality of Open... High Unreviewed
CVE-2023-32615 was published Sep 5, 2023
An incomplete filtering of one or more instances of special elements vulnerability [CWE-792] in... High Unreviewed
CVE-2023-36634 was published Sep 13, 2023
Dell Unity 5.3 contain(s) an Arbitrary File Creation vulnerability. A remote unauthenticated... High Unreviewed
CVE-2023-43074 was published Oct 23, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit... High Unreviewed
CVE-2023-35985 was published Nov 27, 2023
An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit... High Unreviewed
CVE-2023-40194 was published Nov 27, 2023
A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356.... High Unreviewed
CVE-2023-39542 was published Nov 27, 2023
Malicious Code Execution Vulnerability due to External Control of File Name or Path in multiple... High Unreviewed
CVE-2023-5247 was published Nov 30, 2023
Windows HTML Platforms Security Feature Bypass Vulnerability High Unreviewed
CVE-2024-20652 was published Jan 9, 2024
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database