Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

38 advisories

Loading
Anyquery: Local File Read (LFR) via Unrestricted SQLite Virtual Table Modules in Server Mode High
CVE-2026-54629 was published for github.com/julien040/anyquery (Go) Jul 14, 2026
Metincloup Credited to Metincloup
Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band Exfiltration via `custom-payload-file` High
CVE-2026-45088 was published for github.com/hahwul/dalfox/v2 (Go) May 12, 2026
tdjackey Credited to tdjackey
Picklescan vulnerable to Arbitrary File Writing High
CVE-2025-71321 was published for picklescan (pip) Dec 29, 2025
0x-Apollyon Credited to 0x-Apollyon
Constellation has insecure LUKS2 persistent storage partitions which may be opened and used High
CVE-2025-58356 was published for github.com/edgelesssys/constellation/v2 (Go) Oct 27, 2025
tjade273 Credited to tjade273, daniel-weisse, msanft, and katexochen daniel-weisse daniel-weisse
msanft msanft katexochen katexochen
Apache Kylin Files or Directories Accessible to External Parties High
CVE-2025-61734 was published for org.apache.kylin:kylin (Maven) Oct 2, 2025
Moodle has an arbitrary file read risk through pdfTeX High
CVE-2025-26525 was published for moodle/moodle (Composer) Feb 24, 2025
Sparkle Signing Checks Bypass High
CVE-2025-0509 was published for github.com/sparkle-project/Sparkle (Swift) Feb 4, 2025
SiYuan has an arbitrary file deletion vulnerability High
CVE-2025-21609 was published for github.com/siyuan-note/siyuan/kernel (Go) Jan 3, 2025
N0el4kLs Credited to N0el4kLs
Craft CMS Arbitrary System File Read High
CVE-2024-52292 was published for craftcms/cms (Composer) Nov 13, 2024
pk2codes Credited to pk2codes
Apache SeaTunnel SQL Injection vulnerability High
CVE-2023-49198 was published for org.apache.seatunnel:seatunnel (Maven) Aug 21, 2024
Apache Linkis arbitrary file deletion vulnerability High
CVE-2024-27182 was published for org.apache.linkis:linkis (Maven) Aug 2, 2024
Apache Linkis DataSource allows arbitrary file reading High
CVE-2023-41916 was published for org.apache.linkis:linkis-datasource (Maven) Jul 15, 2024
OpenStack Cinder, Glance, and Nova vulnerable to arbitrary file access High
CVE-2024-32498 was published for cinder (pip) Jul 5, 2024
Pterodactyl Wings vulnerable to Arbitrary File Write/Read High
CVE-2024-34066 was published for github.com/pterodactyl/wings (Go) May 3, 2024
TrixterTheTux Credited to TrixterTheTux and matthewpi matthewpi matthewpi
Apache InLong has Files or Directories Accessible to External Parties High
CVE-2023-31064 was published for org.apache.inlong:manager-workflow (Maven) Jul 6, 2023
Dolibarr vulnerable to unauthenticated database access High
CVE-2023-33568 was published for dolibarr/dolibarr (Composer) Jun 13, 2023
GitOps Run allows for Kubernetes workload injection High
CVE-2022-23508 was published for github.com/weaveworks/weave-gitops (Go) Jan 9, 2023
pjbgf Credited to pjbgf
Payara, when deployed to the root context, allows attackers to visit META-INF and WEB-INF High
CVE-2022-45129 was published for fish.payara.distributions:payara (Maven) Nov 10, 2022
tstoney-exiger Credited to tstoney-exiger
Dompdf allows remote file inclusion because URI validation failure does not halt font registration High
CVE-2022-41343 was published for dompdf/dompdf (Composer) Sep 26, 2022
Arbitrary file read in ginadmin High
CVE-2022-30428 was published for github.com/gphper/ginadmin (Go) May 26, 2022
Wildfly-Core user account mismanagement High
CVE-2021-3717 was published for org.wildfly.core:wildfly-core-parent (Maven) May 25, 2022
PhantomJS Arbitrary File Read High
CVE-2019-17221 was published for phantomjs (npm) May 24, 2022
Sandbox bypass vulnerability through implicitly allowlisted platform Groovy files in Jenkins Pipeline: Groovy Plugin High
CVE-2022-30945 was published for org.jenkins-ci.plugins.workflow:workflow-cps (Maven) May 18, 2022
NotMyFault Credited to NotMyFault
ProTip! Advisories are also available from the GraphQL API