GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
107 advisories
Directory traversal vulnerability in RubyZip
Critical | CVE-2017-5946 was published for rubyzip (RubyGems) | Oct 24, 2017

Diffoscope may write to arbitrary locations due to an untrusted archive
Critical | CVE-2017-0359 was published for diffoscope (pip) | Jul 13, 2018

Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location
Critical | CVE-2018-12542 was published for io.vertx:vertx-web (Maven) | Oct 17, 2018

Arbitrary file write in actionpack-page_caching gem
Critical | CVE-2020-8159 was published for actionpack-page_caching (RubyGems) | May 13, 2020

Path Traversal in swagger-injector
Critical | GHSA-v4x8-gw49-7hv4 was published for swagger-injector (npm) | Sep 3, 2020

Path Traversal in @wturyn/swagger-injector
Critical | GHSA-4x7w-frcq-v4m3 was published for @wturyn/swagger-injector (npm) | Sep 3, 2020

Arbitrary File Write in iobroker.admin
Critical | CVE-2019-10765 was published for iobroker.admin (npm) | Sep 4, 2020

Path traversal in rollup-plugin-serve
Critical | CVE-2020-7684 was published for rollup-plugin-serve (npm) | May 18, 2021

elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Critical | CVE-2021-32682 was published for studio-42/elfinder (Composer) | Jun 16, 2021

Path Traversal in Dutchcoders transfer.sh
Critical | CVE-2021-33497 was published for github.com/dutchcoders/transfer.sh (Go) | Jun 29, 2021

Tarslip in go-unarr
Critical | CVE-2021-38197 was published for github.com/gen2brain/go-unarr (Go) | Sep 1, 2021

Remote code execution in UReport
Critical | CVE-2020-21125 was published for com.bstek.ureport:ureport2-core (Maven) | Sep 20, 2021

Directory Traversal in typo3/phar-stream-wrapper
Critical | CVE-2019-11831 was published for drupal/core (Composer) | Sep 30, 2021

Arbitrary file reading vulnerability in Aim
Critical | CVE-2021-43775 was published for aim (pip) | Nov 23, 2021

Path manipulation in matyhtf/framework
Critical | CVE-2021-43676 was published for matyhtf/framework (Composer) | Dec 4, 2021

Path traversal in librenms/librenms
Critical | CVE-2021-44278 was published for librenms/librenms (Composer) | Dec 10, 2021

Apache Solr Improper Input Validation and Path Traversal
Critical | CVE-2021-44548 was published for org.apache.solr:solr-parent (Maven) | Jan 6, 2022

Path traversal in Apache James
Critical | CVE-2021-40525 was published for org.apache.james:james-server (Maven) | Jan 21, 2022