Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

47 advisories

Loading
Path Traversal in ImpressCMS High
CVE-2021-26601 was published for impresscms/impresscms (Composer) Mar 29, 2022
Twig may load a template outside a configured directory when using the filesystem loader High
CVE-2022-39261 was published for twig/twig (Composer) Sep 30, 2022
ICEcoder vulnerable to Path Traversal High
CVE-2022-34026 was published for icecoder/icecoder (Composer) Sep 23, 2022
melisplatform/melis-asset-manager vulnerable to Path Traversal High
CVE-2022-39296 was published for melisplatform/melis-asset-manager (Composer) Oct 11, 2022
Path Traversal in LibreNMS High
CVE-2019-12464 was published for librenms/librenms (Composer) Oct 11, 2019
Local File Inclusion by unauthenticated users High
CVE-2020-15246 was published for october/cms (Composer) Nov 23, 2020
ka1n4t
Path traversal in bolt/core High
CVE-2021-27367 was published for bolt/core (Composer) Feb 18, 2021
Zip slip in Microweber High
CVE-2020-28337 was published for microweber/microweber (Composer) Feb 10, 2022
Potential Zip Slip Vulnerability in baserCMS High
CVE-2021-41279 was published for baserproject/basercms (Composer) Dec 1, 2021
Path traversal in grav High
CVE-2021-3924 was published for getgrav/grav (Composer) Nov 10, 2021
PHP file inclusion in the Sulu admin panel High
CVE-2021-43836 was published for sulu/sulu (Composer) Dec 15, 2021
elFinder vulnerable to path traversal in LocalVolumeDriver connector High
CVE-2023-35840 was published for studio-42/elfinder (Composer) Jun 14, 2023
sectroyer
Directory Traversal in Archive_Tar High
CVE-2020-36193 was published for pear/archive_tar (Composer) Apr 22, 2021
Lavalite vulnerable to Arbitrary File Read via Directory Traversal High
CVE-2022-42188 was published for lavalite/cms (Composer) Oct 19, 2022
Fix for arbitrary file deletion in customer media allows for remote code execution High
CVE-2021-41143 was published for openmage/magento-lts (Composer) Jan 27, 2023
Path traversal in pimcore/pimcore High
CVE-2021-23340 was published for pimcore/pimcore (Composer) Feb 25, 2021
Cecil Path Traversal vulnerability High
CVE-2023-4914 was published for cecil/cecil (Composer) Sep 12, 2023
OpenCart Path Traversal vulnerability High
CVE-2023-2315 was published for opencart/opencart (Composer) Sep 27, 2023
Path traversal vulnerability in the file manager High
CVE-2023-29200 was published for contao/contao (Composer) Apr 26, 2023
Froxlor vulnerable to Path Traversal High
CVE-2023-3172 was published for froxlor/froxlor (Composer) Jun 9, 2023
OroPlatform vulnerable to path traversal during temporary file manipulations High
CVE-2022-41951 was published for oro/platform (Composer) Nov 27, 2023
Magento Path Traversal vulnerability High
CVE-2022-34254 was published for magento/community-edition (Composer) Aug 17, 2022
Broken Access Control in Form Framework High
CVE-2021-21357 was published for typo3/cms (Composer) Mar 23, 2021
sushiwushi waldhacker1
Symfony Directory Traversal High
CVE-2017-16654 was published for symfony/intl (Composer) May 14, 2022
Relative Path Traversal (CWE-23) in chunked uploads in oneup/uploader-bundle High
CVE-2020-5237 was published for oneup/uploader-bundle (Composer) Feb 18, 2020
ProTip! Advisories are also available from the GraphQL API