Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,476
Erlang
33
GitHub Actions
24
Go
2,203
Maven
5,000+
npm
3,852
NuGet
696
pip
3,637
Pub
12
RubyGems
911
Rust
913
Swift
38
Unreviewed advisories
All unreviewed
5,000+

112 advisories

Loading
Data Integrity Failure in 'Backup Config' in D-Link DNR-322L <= 2.60B15 allows an authenticated... High Unreviewed
CVE-2022-40799 was published Nov 29, 2022
A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services... Moderate Unreviewed
CVE-2022-38199 was published Oct 25, 2022
An arbitrary file download vulnerability in the downloadAction() function of Penta Security... Moderate Unreviewed
CVE-2022-31324 was published Sep 14, 2022
Novel-Plus v3.6.2 was discovered to contain an arbitrary file download vulnerability via the... High Unreviewed
CVE-2022-36671 was published Sep 2, 2022
An arbitrary file download vulnerability in Oliver v5 Library Server Versions < 5.00.008.053 via... High Unreviewed
CVE-2021-45027 was published Sep 2, 2022
Django vulnerable to Reflected File Download attack High
CVE-2022-36359 was published for Django (pip) Aug 11, 2022
sunSUNQ levpachmanov
G-Rath
Honeywell Experion PKS Safety Manager (SM and FSC) through 2022-05-06 has Insufficient... Critical Unreviewed
CVE-2022-30315 was published Jul 29, 2022
IOBit Advanced System Care 15, iTop Screen Recorder 2.1, iTop VPN 3.2, Driver Booster 9, and iTop... Moderate Unreviewed
CVE-2022-24140 was published Jul 7, 2022
A vulnerability exists in the file upload validation part of Hitachi Energy TXpert Hub CoreTec 4... High Unreviewed
CVE-2021-35532 was published Jun 8, 2022
Caphyon Ltd Advanced Installer 19.2 was discovered to contain a remote code execution (RCE)... High Unreviewed
CVE-2022-27438 was published Jun 7, 2022
A CWE-494: Download of Code Without Integrity Check vulnerability exists in PLC Simulator on... High Unreviewed
CVE-2020-28213 was published May 24, 2022
DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote... High Unreviewed
CVE-2020-7875 was published May 24, 2022
Download of code without integrity check vulnerability in NEXACRO14 Runtime ActiveX control of... High Unreviewed
CVE-2020-7874 was published May 24, 2022
Download of code without integrity check vulnerability in ActiveX control of Younglimwon Co., Ltd... Critical Unreviewed
CVE-2020-7873 was published May 24, 2022
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur... Moderate Unreviewed
CVE-2021-30657 was published May 24, 2022
This issue was addressed with improved handling of file metadata. This issue is fixed in macOS... Moderate Unreviewed
CVE-2021-30658 was published May 24, 2022
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur... Moderate Unreviewed
CVE-2021-30669 was published May 24, 2022
In cPanel before 96.0.13, fix_cpanel_perl lacks verification of the integrity of downloads (SEC... High Unreviewed
CVE-2021-38588 was published May 24, 2022
Tencent GameLoop before 4.1.21.90 downloaded updates over an insecure HTTP connection. A... High Unreviewed
CVE-2021-33879 was published May 24, 2022
An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint... Moderate Unreviewed
CVE-2021-3485 was published May 24, 2022
An issue was discovered in Emote Remote Mouse through 4.0.0.0. It uses cleartext HTTP to check,... High Unreviewed
CVE-2021-27574 was published May 24, 2022
AppImage appimaged before 1.0.3 does not properly check whether a downloaded file is a valid... Moderate Unreviewed
CVE-2020-25266 was published May 24, 2022
Jenkins Plugin Installation Manager Tool did not verify plugin downloads Critical
CVE-2020-2320 was published for io.jenkins.plugin-management:plugin-management-parent-pom (Maven) May 24, 2022
westonsteimel NotMyFault
tdunlap607
Barco wePresent WiPG-1600W devices download code without an Integrity Check. Affected Version(s):... Critical Unreviewed
CVE-2020-28332 was published May 24, 2022
A remote code execution vulnerability exists in Microsoft SharePoint where APIs aren't properly... Moderate Unreviewed
CVE-2020-1595 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database