Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

39 advisories

Loading
Arbitrary File Write in cli Low
CVE-2016-10538 was published for cli (npm) Feb 18, 2019
Directory Traversal in send Low
CVE-2014-6394 was published for send (npm) Oct 24, 2017
Path Traversal in XWiki Platform Low
CVE-2022-29253 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 1, 2022
Path traversal in Jenkins Mercurial Plugin Low
CVE-2022-30948 was published for org.jenkins-ci.plugins:mercurial (Maven) May 18, 2022
NotMyFault
Path traversal in Node-Red Low
CVE-2021-21298 was published for @node-red/runtime (npm) Feb 26, 2021
Cargo extracting malicious crates can corrupt arbitrary files Low
CVE-2022-36113 was published for cargo (Rust) Sep 16, 2022
pietroalbini litios
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it Low
CVE-2023-41057 was published for hyper-bump-it (pip) Sep 4, 2023
plannigan
Graylog server has partial path traversal vulnerability in Support Bundle feature Low
CVE-2023-41044 was published for org.graylog2:graylog2-server (Maven) Jul 6, 2023
weiweiwei9811
sudo-rs Session File Relative Path Traversal vulnerability Low
CVE-2023-42456 was published for sudo-rs (Rust) Sep 21, 2023
Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki Low
GHSA-8459-6rc9-8vf8 was published for github.com/cloudflare/cfrpki (Go) Feb 14, 2022
Puppet vulnerable to Path Traversal Low
CVE-2012-3865 was published for puppet (RubyGems) Oct 24, 2017
sbt vulnerable to arbitrary file write via archive extraction (Zip Slip) Low
CVE-2023-46122 was published for org.scala-sbt:io_2.12 (Maven) Oct 24, 2023
xuwei-k eed3si9n
Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite Low
CVE-2016-1000021 was published for cli (npm) May 24, 2022 withdrawn
Path traversal in Jenkins REPO Plugin Low
CVE-2022-30949 was published for org.jenkins-ci.plugins:git (Maven) May 18, 2022
NotMyFault
Winter CMS Local File Inclusion through Server Side Template Injection Low
CVE-2023-52085 was published for winter/wn-backend-module (Composer) Jan 2, 2024
Sanineng
Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal Low
GHSA-qwf7-rv77-fcr3 was published for iodine (RubyGems) Jan 4, 2024 withdrawn
Malicious URL drafting attack against iodines static file server may allow path traversal Low
CVE-2024-22050 was published for iodine (RubyGems) Oct 7, 2019
Apache Tomcat Path Traversal Vulnerability Low
CVE-2007-5461 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Plugin archive directory traversal in Helm Low
CVE-2020-4053 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
snoopysecurity
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat Low
CVE-2010-3718 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
oliverchang sunSUNQ
Pleroma Path Traversal vulnerability Low
CVE-2023-5588 was published for pleroma (Erlang) Oct 16, 2023
phpMyFAQ Path Traversal in Attachments Low
CVE-2024-29196 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
kevinnivekkevin
JADX file override vulnerability Low
GHSA-hvp5-5x4f-33fq was published for io.github.skylot:jadx-core (Maven) Apr 22, 2024
Cl0udG0d
EC-CUBE Directory traversal vulnerability Low
CVE-2022-40199 was published for ec-cube/ec-cube (Composer) Sep 28, 2022
Symlink bypasses filesystem sandbox Low
CVE-2024-38358 was published for wasmer (Rust) Jun 7, 2024
yagehu
ProTip! Advisories are also available from the GraphQL API