GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
47 advisories
Filter by severity
Path Traversal in ImpressCMS
High
CVE-2021-26601
was published
for
impresscms/impresscms
(Composer)
Mar 29, 2022
Twig may load a template outside a configured directory when using the filesystem loader
High
CVE-2022-39261
was published
for
twig/twig
(Composer)
Sep 30, 2022
ICEcoder vulnerable to Path Traversal
High
CVE-2022-34026
was published
for
icecoder/icecoder
(Composer)
Sep 23, 2022
melisplatform/melis-asset-manager vulnerable to Path Traversal
High
CVE-2022-39296
was published
for
melisplatform/melis-asset-manager
(Composer)
Oct 11, 2022
Path Traversal in LibreNMS
High
CVE-2019-12464
was published
for
librenms/librenms
(Composer)
Oct 11, 2019
Local File Inclusion by unauthenticated users
High
CVE-2020-15246
was published
for
october/cms
(Composer)
Nov 23, 2020
Zip slip in Microweber
High
CVE-2020-28337
was published
for
microweber/microweber
(Composer)
Feb 10, 2022
Potential Zip Slip Vulnerability in baserCMS
High
CVE-2021-41279
was published
for
baserproject/basercms
(Composer)
Dec 1, 2021
PHP file inclusion in the Sulu admin panel
High
CVE-2021-43836
was published
for
sulu/sulu
(Composer)
Dec 15, 2021
elFinder vulnerable to path traversal in LocalVolumeDriver connector
High
CVE-2023-35840
was published
for
studio-42/elfinder
(Composer)
Jun 14, 2023
Directory Traversal in Archive_Tar
High
CVE-2020-36193
was published
for
pear/archive_tar
(Composer)
Apr 22, 2021
Lavalite vulnerable to Arbitrary File Read via Directory Traversal
High
CVE-2022-42188
was published
for
lavalite/cms
(Composer)
Oct 19, 2022
Fix for arbitrary file deletion in customer media allows for remote code execution
High
CVE-2021-41143
was published
for
openmage/magento-lts
(Composer)
Jan 27, 2023
Path traversal in pimcore/pimcore
High
CVE-2021-23340
was published
for
pimcore/pimcore
(Composer)
Feb 25, 2021
Cecil Path Traversal vulnerability
High
CVE-2023-4914
was published
for
cecil/cecil
(Composer)
Sep 12, 2023
OpenCart Path Traversal vulnerability
High
CVE-2023-2315
was published
for
opencart/opencart
(Composer)
Sep 27, 2023
Path traversal vulnerability in the file manager
High
CVE-2023-29200
was published
for
contao/contao
(Composer)
Apr 26, 2023
Froxlor vulnerable to Path Traversal
High
CVE-2023-3172
was published
for
froxlor/froxlor
(Composer)
Jun 9, 2023
OroPlatform vulnerable to path traversal during temporary file manipulations
High
CVE-2022-41951
was published
for
oro/platform
(Composer)
Nov 27, 2023
Magento Path Traversal vulnerability
High
CVE-2022-34254
was published
for
magento/community-edition
(Composer)
Aug 17, 2022
Broken Access Control in Form Framework
High
CVE-2021-21357
was published
for
typo3/cms
(Composer)
Mar 23, 2021
Symfony Directory Traversal
High
CVE-2017-16654
was published
for
symfony/intl
(Composer)
May 14, 2022
Relative Path Traversal (CWE-23) in chunked uploads in oneup/uploader-bundle
High
CVE-2020-5237
was published
for
oneup/uploader-bundle
(Composer)
Feb 18, 2020
ProTip!
Advisories are also available from the
GraphQL API