GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
39 advisories
Filter by severity
cap-std doesn't fully sandbox all the Windows device filenames
Low
CVE-2024-51756
was published
for
cap-async-std
(Rust)
Nov 5, 2024
Lord of Large Language Models (LoLLMs) Server path traversal vulnerability in lollms_file_system.py
Low
CVE-2024-6971
was published
for
lollms
(pip)
Oct 11, 2024
Agnai vulnerable to Relative Path Traversal in Image Upload
Low
CVE-2024-47171
was published
for
agnai
(npm)
Sep 26, 2024
Agnai File Disclosure Vulnerability: JSON via Path Traversal
Low
CVE-2024-47170
was published
for
agnai
(npm)
Sep 26, 2024
Cross site scripting in Concrete CMS
Low
CVE-2024-8291
was published
for
concrete5/concrete5
(Composer)
Sep 25, 2024
Path traversal vulnerability in stripe-cli
Low
CVE-2024-45401
was published
for
github.com/stripe/stripe-cli
(Go)
Sep 5, 2024
Jenkins Report Info Plugin Path Traversal vulnerability
Low
CVE-2024-5273
was published
for
org.jenkins-ci.plugins:report-info
(Maven)
May 24, 2024
JADX file override vulnerability
Low
GHSA-hvp5-5x4f-33fq
was published
for
io.github.skylot:jadx-core
(Maven)
Apr 22, 2024
phpMyFAQ Path Traversal in Attachments
Low
CVE-2024-29196
was published
for
phpmyfaq/phpmyfaq
(Composer)
Mar 25, 2024
Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal
Low
GHSA-qwf7-rv77-fcr3
was published
for
iodine
(RubyGems)
Jan 4, 2024
•
withdrawn
Winter CMS Local File Inclusion through Server Side Template Injection
Low
CVE-2023-52085
was published
for
winter/wn-backend-module
(Composer)
Jan 2, 2024
Using the directory back payload (“/../”) in a package name allows placement of package in other folders.
Low
CVE-2023-49089
was published
for
Umbraco.CMS
(NuGet)
Dec 13, 2023
sbt vulnerable to arbitrary file write via archive extraction (Zip Slip)
Low
CVE-2023-46122
was published
for
org.scala-sbt:io_2.12
(Maven)
Oct 24, 2023
Pleroma Path Traversal vulnerability
Low
CVE-2023-5588
was published
for
pleroma
(Erlang)
Oct 16, 2023
sudo-rs Session File Relative Path Traversal vulnerability
Low
CVE-2023-42456
was published
for
sudo-rs
(Rust)
Sep 21, 2023
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it
Low
CVE-2023-41057
was published
for
hyper-bump-it
(pip)
Sep 4, 2023
Graylog server has partial path traversal vulnerability in Support Bundle feature
Low
CVE-2023-41044
was published
for
org.graylog2:graylog2-server
(Maven)
Jul 6, 2023
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted remote PyPI package
Low
CVE-2022-23530
was published
for
guarddog
(pip)
Dec 5, 2022
GuardDog vulnerable to arbitrary file write when scanning a specially-crafted PyPI package
Low
CVE-2022-23531
was published
for
guarddog
(pip)
Dec 2, 2022
EC-CUBE Directory traversal vulnerability
Low
CVE-2022-40199
was published
for
ec-cube/ec-cube
(Composer)
Sep 28, 2022
Cargo extracting malicious crates can corrupt arbitrary files
Low
CVE-2022-36113
was published
for
cargo
(Rust)
Sep 16, 2022
Path Traversal in XWiki Platform
Low
CVE-2022-29253
was published
for
org.xwiki.platform:xwiki-platform-oldcore
(Maven)
Jun 1, 2022
Kubernetes Secrets Store CSI Driver plugins arbitrary file write
Low
CVE-2020-8567
was published
for
github.com/Azure/secrets-store-csi-driver-provider-azure
(Go)
May 24, 2022
Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite
Low
CVE-2016-1000021
was published
for
cli
(npm)
May 24, 2022
•
withdrawn
ProTip!
Advisories are also available from the
GraphQL API