Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
5,000+
Erlang
70
GitHub Actions
52
Go
3,967
Maven
5,000+
npm
5,000+
NuGet
973
pip
5,000+
Pub
13
RubyGems
1,064
Rust
1,387
Swift
56
Unreviewed advisories
All unreviewed
5,000+

26 advisories

Loading
Files Accessible to External Parties in Opencast Critical
CVE-2021-43821 was published for org.opencastproject:opencast-ingest-service-impl (Maven) Dec 14, 2021
gregorydlogan Credited to gregorydlogan
The ZXR10 1800-2S before v3.00.40 incorrectly restricts access to a resource from an unauthorized... Critical Unreviewed
CVE-2017-10930 was published May 13, 2022
Intelbras WRN 150 devices allow remote attackers to read the configuration file, and consequently... Critical Unreviewed
CVE-2017-14942 was published May 13, 2022
A vulnerability in the implementation of an internal file management service for Cisco Nexus 3000... Critical Unreviewed
CVE-2021-1361 was published May 24, 2022
It has been discovered that redhat-certification does not restrict file access in the /update... Critical Unreviewed
CVE-2018-10867 was published May 24, 2022
laravel-s vulnerable to Local File Inclusion Critical
CVE-2023-29931 was published for hhxsv5/laravel-s (Composer) Jun 22, 2023
Apache InLong has Files or Directories Accessible to External Parties in Apache InLong Critical
CVE-2023-31066 was published for org.apache.inlong:manager-service (Maven) Jul 6, 2023
Apache Struts vulnerable to path traversal Critical
CVE-2023-50164 was published for org.apache.struts:struts2-core (Maven) Dec 7, 2023
yoshizawa-masatoshi Credited to yoshizawa-masatoshi and henrikplate henrikplate henrikplate
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability Critical Unreviewed
CVE-2024-21403 was published Feb 13, 2024
Files or Directories Accessible to External Parties in ProjectDiscovery Critical
CVE-2024-5262 was published for github.com/projectdiscovery/interactsh (Go) Jun 5, 2024
The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to,... Critical Unreviewed
CVE-2024-4098 was published Jun 20, 2024
Duplicate Advisory: Gogs allows deletion of internal files Critical
GHSA-2vgj-3pvg-xh4w was published for github.com/gogs/gogs (Go) Jul 4, 2024 withdrawn
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v <=3.08.01; NEXUS Series v <... Critical Unreviewed
CVE-2024-6209 was published Jul 5, 2024
Files or Directories Accessible to External Parties vulnerability in Eliz Software Panel allows... Critical Unreviewed
CVE-2024-6878 was published Sep 18, 2024
A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may... Critical Unreviewed
CVE-2024-53676 was published Nov 27, 2024
Gogs allows deletion of internal files Critical
CVE-2024-39931 was published for gogs.io/gogs (Go) Dec 23, 2024
swapgs Credited to swapgs
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified Critical Unreviewed
CVE-2025-40908 was published Jun 1, 2025
Gogs allows deletion of internal files which leads to remote command execution Critical
CVE-2024-56731 was published for gogs.io/gogs (Go) Jun 24, 2025
Ry0taK Credited to Ry0taK
phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file... Critical Unreviewed
CVE-2025-69990 was published Jan 13, 2026
An attacker may perform unauthenticated read and write operations on sensitive filesystem areas... Critical Unreviewed
CVE-2026-2331 was published Mar 6, 2026
An attacker may access restricted filesystem areas on the device via the CROWN REST interface due... Critical Unreviewed
CVE-2026-2330 was published Mar 6, 2026
FHIR Validator HTTP service has SSRF via /loadIG Chains with startsWith() Credential Leak for Authentication Token Theft Critical
CVE-2026-34361 was published for ca.uhn.hapi.fhir:org.hl7.fhir.validation (Maven) Mar 30, 2026
offset Credited to offset
CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the... Critical Unreviewed
CVE-2019-25709 was published Apr 12, 2026
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary storage file deletion... Critical Unreviewed
CVE-2026-31216 was published May 12, 2026
The nexent v1.7.5.2 backend service contains an unauthorized arbitrary file deletion... Critical Unreviewed
CVE-2026-31215 was published May 12, 2026
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database