GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,237
Erlang
31
GitHub Actions
20
Go
2,000
Maven
5,000+
npm
3,711
NuGet
661
pip
3,383
Pub
11
RubyGems
885
Rust
849
Swift
36
Unreviewed advisories
All unreviewed
5,000+
60 advisories
Filter by severity
Path traversal in github.com/ipfs/go-ipfs
High
CVE-2020-26279
was published
for
github.com/ipfs/go-ipfs
(Go)
Jun 23, 2021
Path traversal in u-root
High
CVE-2020-7665
was published
for
github.com/u-root/u-root
(Go)
May 18, 2021
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
High
CVE-2022-24730
was published
for
github.com/argoproj/argo-cd
(Go)
Mar 24, 2022
Arbitrary file read in ginadmin
High
CVE-2022-30428
was published
for
github.com/gphper/ginadmin
(Go)
May 26, 2022
Path traversal in ginadmin
High
CVE-2022-30427
was published
for
github.com/gphper/ginadmin
(Go)
May 26, 2022
Path Traversal in Git HTTP endpoints in Gogs
High
CVE-2022-1993
was published
for
gogs.io/gogs
(Go)
Jun 8, 2022
Flux CLI Workload Injection
High
CVE-2022-36035
was published
for
github.com/fluxcd/flux2
(Go)
Sep 1, 2022
Path traversal and files overwrite with unsquashfs in singularity
High
CVE-2020-15229
was published
for
github.com/sylabs/singularity
(Go)
May 24, 2021
Casdoor arbitrary file deletion vulnerability via uploadFile function
High
CVE-2022-44942
was published
for
github.com/casdoor/casdoor
(Go)
Dec 7, 2022
Arbitrary file write in nats-server
High
CVE-2022-26652
was published
for
github.com/nats-io/nats-server/v2
(Go)
Mar 10, 2022
act vulnerable to arbitrary file upload in artifact server
High
CVE-2023-22726
was published
for
github.com/nektos/act
(Go)
Jan 20, 2023
Path traversal in claircore
High
CVE-2021-3762
was published
for
github.com/quay/claircore
(Go)
Mar 4, 2022
Unsafe tar unpacking in HashiCorp go-slug
High
CVE-2020-29529
was published
for
github.com/hashicorp/go-slug
(Go)
Feb 6, 2023
Path Traversal in gin-vue-admin
High
CVE-2022-47762
was published
for
github.com/flipped-aurora/gin-vue-admin
(Go)
Feb 3, 2023
Zip slip directory exploit in github.com/deislabs/oras
High
CVE-2021-21272
was published
for
github.com/deislabs/oras
(Go)
Feb 15, 2022
Hertz contains path traversal via normalizePath function
High
CVE-2022-40082
was published
for
github.com/cloudwego/hertz
(Go)
Sep 29, 2022
Goa vulnerable to path traversal
High
CVE-2019-25073
was published
for
github.com/goadesign/goa
(Go)
Dec 28, 2022
mount destinations can be swapped via symlink-exchange to cause mounts outside the rootfs
High
CVE-2021-30465
was published
for
github.com/opencontainers/runc
(Go)
May 25, 2021
Yapscan's report receiver server vulnerable to path traversal and log injection
High
GHSA-9h6h-9g78-86f7
was published
for
github.com/fkie-cad/yapscan
(Go)
Dec 29, 2022
Arbitrary file reads in HashiCorp Nomad
High
CVE-2022-24683
was published
for
github.com/hashicorp/nomad
(Go)
Feb 18, 2022
Path traversal in ServiceCenter
High
CVE-2021-21501
was published
for
github.com/apache/servicecomb-service-center
(Go)
Sep 1, 2021
Goutil vulnerable to path traversal when unzipping files
High
CVE-2023-27475
was published
for
github.com/gookit/goutil
(Go)
Mar 7, 2023
Kraken has arbitrary file read vulnerability via component testfs
High
CVE-2022-47747
was published
for
github.com/uber/kraken
(Go)
Jan 20, 2023
Podman Path Traversal Vulnerability leads to arbitrary file read/write
High
CVE-2019-10152
was published
for
github.com/containers/podman
(Go)
May 24, 2022
Insecure path traversal in Git Trigger Source can lead to arbitrary file read
High
CVE-2022-25856
was published
for
github.com/argoproj/argo-events
(Go)
Jun 17, 2022
ProTip!
Advisories are also available from the
GraphQL API