GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
107 advisories
Filter by severity
PHPMemcachedAdmin Path Traversal vulnerability
Critical
CVE-2023-6026
was published
for
elijaa/phpmemcacheadmin
(Composer)
Nov 30, 2023
MLflow allowed arbitrary files to be PUT onto the server
Critical
CVE-2023-6015
was published
for
mlflow
(pip)
Nov 16, 2023
org.xwiki.platform:xwiki-platform-office-importer vulnerable to arbitrary server side file writing from account through office converter
Critical
CVE-2023-37913
was published
for
org.xwiki.platform:xwiki-platform-office-importer
(Maven)
Oct 25, 2023
Yamcs API Directory Traversal vulnerability
Critical
CVE-2023-45278
was published
for
org.yamcs:yamcs
(Maven)
Oct 19, 2023
Yii2 allows attackers to execute any local .php file via a relative path in the view parameter
Critical
CVE-2015-5467
was published
for
yiisoft/yii2
(Composer)
Sep 21, 2023
NATS nats-server allows directory traversal via unintended path to a management action
Critical
CVE-2022-28357
was published
for
github.com/nats-io/nats-server
(Go)
Sep 19, 2023
Path traversal and code execution via prototype vulnerability
Critical
CVE-2023-26045
was published
for
nodebb
(npm)
Jul 25, 2023
Path Traversal in Apache Shiro
Critical
CVE-2023-34478
was published
for
org.apache.shiro:shiro-web
(Maven)
Jul 24, 2023
Apache StreamPark Path Traversal vulnerability
Critical
CVE-2022-45802
was published
for
org.apache.streampark:streampark-common_2.11
(Maven)
Jul 6, 2023
Apache Linkis Zip Slip issue
Critical
CVE-2023-27603
was published
for
org.apache.linkis:linkis
(Maven)
Jul 6, 2023
php-imap vulnerable to RCE through a directory traversal vulnerability
Critical
CVE-2023-35169
was published
for
webklex/laravel-imap
(Composer)
Jun 21, 2023
sjqzhang go-fastdfs vulnerable to path traversal
Critical
CVE-2023-1800
was published
for
github.com/sjqzhang/go-fastdfs
(Go)
Apr 2, 2023
mlflow is vulnerable to remote file access in `mlflow server` and `mlflow ui` CLIs
Critical
CVE-2023-1177
was published
for
mlflow
(pip)
Mar 24, 2023
Arbitrary file deletion in ureport
Critical
CVE-2023-24188
was published
for
com.bstek.ureport:ureport2-core
(Maven)
Feb 13, 2023
MITM based Zip Slip in `ca.uhn.hapi.fhir:org.hl7.fhir.core`
Critical
CVE-2023-24057
was published
for
ca.uhn.hapi.fhir:org.hl7.fhir.convertors
(Maven)
Jan 23, 2023
webbrowser-rs allows attackers to access arbitrary files via supplying a crafted URL
Critical
CVE-2022-45299
was published
for
webbrowser
(Rust)
Jan 13, 2023
go-unzip vulnerable to Path Traversal
Critical
CVE-2020-36560
was published
for
github.com/artdarek/go-unzip
(Go)
Dec 28, 2022
Unzip vulnerable to path traversal
Critical
CVE-2020-36561
was published
for
github.com/yi-ge/unzip
(Go)
Dec 28, 2022
tar-utils Path Traversal vulnerability
Critical
CVE-2020-36566
was published
for
github.com/whyrusleeping/tar-utils
(Go)
Dec 28, 2022
Cloud Foundry Archiver vulnerable to path traversal
Critical
CVE-2018-25046
was published
for
code.cloudfoundry.org/archiver
(Go)
Dec 28, 2022
ThinkPHP Framework vulnerable to remote code execution
Critical
CVE-2022-47945
was published
for
topthink/framework
(Composer)
Dec 23, 2022
Alist vulnerable to Path Traversal
Critical
CVE-2022-45969
was published
for
github.com/alist-org/alist/v3
(Go)
Dec 16, 2022
SCIFIO vulnerable to Path Traversal
Critical
CVE-2022-4493
was published
for
io.scif:scifio
(Maven)
Dec 14, 2022
Keycloak vulnerable to path traversal via double URL encoding
Critical
CVE-2022-3782
was published
for
org.keycloak:keycloak-parent
(Maven)
Dec 13, 2022
ProTip!
Advisories are also available from the
GraphQL API