GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,237
Erlang: 31
GitHub Actions: 20
Go: 2,000
Maven: 5,000+
npm: 3,711
NuGet: 661
pip: 3,383
Pub: 11
RubyGems: 885
Rust: 849
Swift: 36
Unreviewed advisories
All unreviewed: 5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
585 advisories
cmseasy v7.7.7.7 20230520 was discovered to contain a path traversal vulnerability via the...
Critical | Unreviewed | CVE-2023-34880 was published Jun 15, 2023
Directory traversal vulnerability in ujcms 6.0.2 allows attackers to move files via the rename...
Critical | Unreviewed | CVE-2023-34865 was published Jun 14, 2023
The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to...
Critical | Unreviewed | CVE-2023-2278 was published Jun 13, 2023
AMI BMC contains a vulnerability in the IPMI handler, where an attacker can upload and download...
Critical | Unreviewed | CVE-2023-34342 was published Jun 12, 2023
The Adning Advertising plugin for WordPress is vulnerable to file deletion via path traversal in...
Critical | Unreviewed | CVE-2020-36728 was published Jun 7, 2023
In Percona Monitoring and Management (PMM) server 2.x before 2.37.1, the authenticate function in...
Critical | Unreviewed | CVE-2023-34409 was published Jun 6, 2023
Keyboard Themes 1.275.1.164 for Android contains a dictionary traversal vulnerability that allows...
Critical | Unreviewed | CVE-2023-29736 was published Jun 1, 2023
EZ Sync service fails to adequately handle user input, allowing an attacker to navigate beyond...
Critical | Unreviewed | CVE-2023-2909 was published May 31, 2023
Fox-IT DataDiode (aka Fox DataDiode) 3.4.3 suffers from a path traversal vulnerability with...
Critical | Unreviewed | CVE-2022-47526 was published May 31, 2023
An issue was discovered in AudioCodes Device Manager Express through 7.8.20002.47752. Remote code...
Critical | Unreviewed | CVE-2022-24629 was published May 29, 2023
Directory traversal vulnerability in MW WP Form versions v4.4.2 and earlier allows a remote...
Critical | Unreviewed | CVE-2023-28408 was published May 23, 2023
Directory traversal vulnerability in Snow Monkey Forms versions v5.0.6 and earlier allows a...
Critical | Unreviewed | CVE-2023-28413 was published May 23, 2023
MicroEngine Mailform version 1.1.0 to 1.1.8 contains a path traversal vulnerability. If the...
Critical | Unreviewed | CVE-2023-27507 was published May 23, 2023
WebPlus Pro v1.4.7.8.4-01 is vulnerable to Incorrect Access Control.
Critical | Unreviewed | CVE-2020-20012 was published May 23, 2023
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that...
Critical | Unreviewed | CVE-2022-36327 was published May 18, 2023
CLTPHP <=6.0 is vulnerable to Improper Input Validation.
Critical | Unreviewed | CVE-2023-30268 was published May 4, 2023
A vulnerability in the Wi-Fi file transfer module of Shanling M5S Portable Music Player with...
Critical | Unreviewed | CVE-2023-27105 was published Apr 25, 2023
Timmystudios Fast Typing Keyboard v1.275.1.162 allows unauthorized apps to overwrite arbitrary...
Critical | Unreviewed | CVE-2022-47027 was published Apr 14, 2023
Directory Traversal vulnerability found in T-ME Studios Change Color of Keypad v.1.275.1.277...
Critical | Unreviewed | CVE-2023-27648 was published Apr 14, 2023
bloofox v0.5.2 was discovered to contain an arbitrary file deletion vulnerability via the...
Critical | Unreviewed | CVE-2023-27812 was published Apr 13, 2023
The Hummingbird WordPress plugin before 3.4.2 does not validate the generated file path for page...
Critical | Unreviewed | CVE-2023-1478 was published Apr 10, 2023
BiblioCraft before 2.4.6 does not sanitize path-traversal characters in filenames, allowing...
Critical | Unreviewed | CVE-2023-29478 was published Apr 7, 2023
Directory Traversal vulnerability found in B3log Wide allows an attacker to escalate privileges...
Critical | Unreviewed | CVE-2020-19279 was published Apr 4, 2023
This vulnerability allows remote attackers to delete arbitrary files on affected installations of...
Critical | Unreviewed | CVE-2022-2560 was published Mar 29, 2023
This vulnerability allows remote attackers to execute arbitrary code on affected installations of...
Critical | Unreviewed | CVE-2022-36981 was published Mar 29, 2023
ProTip! Advisories are also available from the GraphQL API.