GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
2,244 advisories
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a...
High | Unreviewed | CVE-2021-43289 was published Apr 15, 2022

A relative path traversal attack in the B. Braun Melsungen AG SpaceCom Version L81/U61 and...
High | Unreviewed | CVE-2020-25150 was published Apr 15, 2022

Directory Traversal vulnerability in file cn/roothub/store/FileSystemStorageService in function...
High | Unreviewed | CVE-2022-28052 was published Apr 14, 2022

A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')...
High | Unreviewed | CVE-2021-22797 was published Apr 14, 2022

RiteCMS version 3.1.0 and below suffers from an arbitrary file deletion via path traversal...
High | Unreviewed | CVE-2022-24248 was published Apr 13, 2022

RiteCMS version 3.1.0 and below suffers from an arbitrary file overwrite via path traversal...
High | Unreviewed | CVE-2022-24247 was published Apr 13, 2022

Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress...
High | Unreviewed | CVE-2022-27844 was published Apr 12, 2022

Improper access control and path traversal vulnerability in StroageManager and...
High | Unreviewed | CVE-2022-27836 was published Apr 12, 2022

InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain...
High | Unreviewed | CVE-2022-27279 was published Apr 11, 2022

Insecure handling of a download function leads to disclosure of internal files due to path...
High | Unreviewed | CVE-2021-46417 was published Apr 8, 2022

ASUS RT-AX56U’s update_json function has a path traversal vulnerability due to insufficient...
High | Unreviewed | CVE-2022-23970 was published Apr 8, 2022

ASUS RT-AX56U’s update_PLC/PORT file has a path traversal vulnerability due to insufficient...
High | Unreviewed | CVE-2022-23971 was published Apr 8, 2022

aEnrich a+HRD has inadequate filtering for special characters in URLs. An unauthenticated remote...
High | Unreviewed | CVE-2022-26675 was published Apr 8, 2022

Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via...
High | Unreviewed | CVE-2021-30497 was published Apr 7, 2022

A path traversal vulnerability was identified in GitHub Enterprise Server management console that...
High | Unreviewed | CVE-2022-23732 was published Apr 6, 2022

Barco Control Room Management through Suite 2.9 Build 0275 was discovered to be vulnerable to...
High | Unreviewed | CVE-2022-26233 was published Apr 5, 2022

AVEVA System Platform versions 2017 through 2020 R2 P01 uses external input to construct a...
High | Unreviewed | CVE-2021-32981 was published Apr 5, 2022

The rc-httpd component through 2022-03-31 for 9front (Plan 9 fork) allows ..%2f directory...
High | Unreviewed | CVE-2022-28380 was published Apr 4, 2022

An attacker could utilize a function in MDT AutoSave versions prior to v6.02.06 that permits...
High | Unreviewed | CVE-2021-32949 was published Apr 3, 2022

Delta Electronics DIAEnergie (All versions prior to 1.8.02.004) is vulnerable to path traversal...
High | Unreviewed | CVE-2022-25347 was published Mar 30, 2022

Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. The HTTP Server does...
High | Unreviewed | CVE-2021-44124 was published Mar 29, 2022

The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as...
High | Unreviewed | CVE-2021-24962 was published Mar 29, 2022

Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal ...
High | Unreviewed | CVE-2022-25267 was published Mar 25, 2022

The parsing mechanism that processes certain file types does not provide input sanitization for...
High | Unreviewed | CVE-2021-27471 was published Mar 24, 2022

Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths...
High | Unreviewed | CVE-2021-27473 was published Mar 24, 2022

ProTip! Advisories are also available from the GraphQL API.