Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,968
Erlang
39
GitHub Actions
38
Go
2,616
Maven
5,000+
npm
4,255
NuGet
760
pip
4,040
Pub
12
RubyGems
953
Rust
1,050
Swift
45
Unreviewed advisories
All unreviewed
5,000+

819 advisories

Loading
mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter... Critical Unreviewed
CVE-2022-23357 was published Feb 8, 2022
Path Traversal in w-zip Critical
CVE-2022-0401 was published for w-zip (npm) Feb 2, 2022
The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise... Critical Unreviewed
CVE-2022-0320 was published Feb 2, 2022
Neo4j Graph Database vulnerable to Path Traversal Critical
CVE-2021-42767 was published for org.neo4j.procedure:apoc (Maven) Feb 1, 2022
ngrodum
Credited to ngrodum
The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive... Critical Unreviewed
CVE-2021-23520 was published Feb 1, 2022
A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an... Critical Unreviewed
CVE-2020-17383 was published Jan 25, 2022
Files on the host computer can be accessed from the Gradio interface Critical
CVE-2021-43831 was published for gradio (pip) Jan 21, 2022
haby0
Credited to haby0
Path traversal in Apache James Critical
CVE-2021-40525 was published for org.apache.james:james-server (Maven) Jan 21, 2022
Apache Solr Improper Input Validation and Path Traversal Critical
CVE-2021-44548 was published for org.apache.solr:solr-parent (Maven) Jan 6, 2022
HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability... Critical Unreviewed
CVE-2021-37128 was published Jan 4, 2022
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due... Critical Unreviewed
CVE-2021-45427 was published Dec 31, 2021
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily... Critical Unreviewed
CVE-2020-20944 was published Dec 28, 2021
A directory traversal vulnerability exists in the Web Manager FsTFtp functionality of Lantronix... Critical Unreviewed
CVE-2021-21894 was published Dec 23, 2021
Zip Slip vulnerability in Pluck-CMS Pluck 4.7.15 allows an attacker to upload specially crafted... Critical Unreviewed
CVE-2021-31746 was published Dec 11, 2021
Path traversal in librenms/librenms Critical
CVE-2021-44278 was published for librenms/librenms (Composer) Dec 10, 2021
There is a Improper Limitation of a Pathname to a Restricted Directory vulnerability in Huawei... Critical Unreviewed
CVE-2021-37064 was published Dec 8, 2021
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this... Critical Unreviewed
CVE-2021-37087 was published Dec 8, 2021
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this... Critical Unreviewed
CVE-2021-37088 was published Dec 8, 2021
There is a Path Traversal vulnerability in Huawei Smartphone.Successful exploitation of this... Critical Unreviewed
CVE-2021-37099 was published Dec 8, 2021
** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation... Critical Unreviewed
CVE-2021-43674 was published Dec 4, 2021
Path manipulation in matyhtf/framework Critical
CVE-2021-43676 was published for matyhtf/framework (Composer) Dec 4, 2021
Rudloff
Credited to Rudloff
An unspecified version of tripexpress is affected by a path manipulation vulnerability in file... Critical Unreviewed
CVE-2021-43691 was published Nov 30, 2021
Arbitrary file reading vulnerability in Aim Critical
CVE-2021-43775 was published for aim (pip) Nov 23, 2021
haby0
Credited to haby0
Using the parameter of getPFXFolderList function, attackers can see the information of... Critical Unreviewed
CVE-2020-7882 was published Nov 23, 2021
Directory Traversal in typo3/phar-stream-wrapper Critical
CVE-2019-11831 was published for drupal/core (Composer) Sep 30, 2021
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database