Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

107 advisories

Loading
PHPMemcachedAdmin Path Traversal vulnerability Critical
CVE-2023-6026 was published for elijaa/phpmemcacheadmin (Composer) Nov 30, 2023
Ray Path Traversal vulnerability Critical
CVE-2023-6021 was published for ray (pip) Nov 16, 2023
MLflow allowed arbitrary files to be PUT onto the server Critical
CVE-2023-6015 was published for mlflow (pip) Nov 16, 2023
org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter Critical
CVE-2023-37913 was published for org.xwiki.platform:xwiki-platform-office-importer (Maven) Oct 25, 2023
Yamcs API Directory Traversal vulnerability Critical
CVE-2023-45278 was published for org.yamcs:yamcs (Maven) Oct 19, 2023
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter Critical
CVE-2015-5467 was published for yiisoft/yii2 (Composer) Sep 21, 2023
NATS nats-server allows directory traversal via unintended path to a management action Critical
CVE-2022-28357 was published for github.com/nats-io/nats-server (Go) Sep 19, 2023
Path traversal and code execution via prototype vulnerability Critical
CVE-2023-26045 was published for nodebb (npm) Jul 25, 2023
starinfar
Path Traversal in Apache Shiro Critical
CVE-2023-34478 was published for org.apache.shiro:shiro-web (Maven) Jul 24, 2023
Apache StreamPark Path Traversal vulnerability Critical
CVE-2022-45802 was published for org.apache.streampark:streampark-common_2.11 (Maven) Jul 6, 2023
Apache Linkis Zip Slip issue Critical
CVE-2023-27603 was published for org.apache.linkis:linkis (Maven) Jul 6, 2023
php-imap vulnerable to RCE through a directory traversal vulnerability Critical
CVE-2023-35169 was published for webklex/laravel-imap (Composer) Jun 21, 2023
angelej
sjqzhang go-fastdfs vulnerable to path traversal Critical
CVE-2023-1800 was published for github.com/sjqzhang/go-fastdfs (Go) Apr 2, 2023
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs Critical
CVE-2023-1177 was published for mlflow (pip) Mar 24, 2023
Arbitrary file deletion in ureport Critical
CVE-2023-24188 was published for com.bstek.ureport:ureport2-core (Maven) Feb 13, 2023
MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core` Critical
CVE-2023-24057 was published for ca.uhn.hapi.fhir:org.hl7.fhir.convertors (Maven) Jan 23, 2023
JLLeitschuh
webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL Critical
CVE-2022-45299 was published for webbrowser (Rust) Jan 13, 2023
tdunlap607
go-unzip vulnerable to Path Traversal Critical
CVE-2020-36560 was published for github.com/artdarek/go-unzip (Go) Dec 28, 2022
Unzip vulnerable to path traversal Critical
CVE-2020-36561 was published for github.com/yi-ge/unzip (Go) Dec 28, 2022
tar-utils Path Traversal vulnerability Critical
CVE-2020-36566 was published for github.com/whyrusleeping/tar-utils (Go) Dec 28, 2022
Cloud Foundry Archiver vulnerable to path traversal Critical
CVE-2018-25046 was published for code.cloudfoundry.org/archiver (Go) Dec 28, 2022
ThinkPHP Framework vulnerable to remote code execution Critical
CVE-2022-47945 was published for topthink/framework (Composer) Dec 23, 2022
Alist vulnerable to Path Traversal Critical
CVE-2022-45969 was published for github.com/alist-org/alist/v3 (Go) Dec 16, 2022
SCIFIO vulnerable to Path Traversal Critical
CVE-2022-4493 was published for io.scif:scifio (Maven) Dec 14, 2022
Keycloak vulnerable to path traversal via double URL encoding Critical
CVE-2022-3782 was published for org.keycloak:keycloak-parent (Maven) Dec 13, 2022
ProTip! Advisories are also available from the GraphQL API