GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
103 advisories
Filter by severity
Neo4j Graph Database vulnerable to Path Traversal
Critical
CVE-2021-42767
was published
for
org.neo4j.procedure:apoc
(Maven)
Feb 1, 2022
Path traversal in Apache James
Critical
CVE-2021-40525
was published
for
org.apache.james:james-server
(Maven)
Jan 21, 2022
Apache Solr Improper Input Validation and Path Traversal
Critical
CVE-2021-44548
was published
for
org.apache.solr:solr-parent
(Maven)
Jan 6, 2022
Path traversal in librenms/librenms
Critical
CVE-2021-44278
was published
for
librenms/librenms
(Composer)
Dec 10, 2021
Path manipulation in matyhtf/framework
Critical
CVE-2021-43676
was published
for
matyhtf/framework
(Composer)
Dec 4, 2021
Directory Traversal in typo3/phar-stream-wrapper
Critical
CVE-2019-11831
was published
for
drupal/core
(Composer)
Sep 30, 2021
Remote code execution in UReport
Critical
CVE-2020-21125
was published
for
com.bstek.ureport:ureport2-core
(Maven)
Sep 20, 2021
Tarslip in go-unarr
Critical
CVE-2021-38197
was published
for
github.com/gen2brain/go-unarr
(Go)
Sep 1, 2021
Path Traversal in Dutchcoders transfer.sh
Critical
CVE-2021-33497
was published
for
github.com/dutchcoders/transfer.sh
(Go)
Jun 29, 2021
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE
Critical
CVE-2021-32682
was published
for
studio-42/elfinder
(Composer)
Jun 16, 2021
The Fuck Arbitrary File Deletion via Path Traversal
Critical
CVE-2021-34363
was published
for
thefuck
(pip)
Jun 15, 2021
Path traversal in rollup-plugin-serve
Critical
CVE-2020-7684
was published
for
rollup-plugin-serve
(npm)
May 18, 2021
remote code execution via cache action in MoinMoin
Critical
CVE-2020-25074
was published
for
moin
(pip)
Nov 11, 2020
Arbitrary File Write in iobroker.admin
Critical
CVE-2019-10765
was published
for
iobroker.admin
(npm)
Sep 4, 2020
Path Traversal in @wturyn/swagger-injector
Critical
GHSA-4x7w-frcq-v4m3
was published
for
@wturyn/swagger-injector
(npm)
Sep 3, 2020
Path Traversal in swagger-injector
Critical
GHSA-v4x8-gw49-7hv4
was published
for
swagger-injector
(npm)
Sep 3, 2020
Arbitrary file write in actionpack-page_caching gem
Critical
CVE-2020-8159
was published
for
actionpack-page_caching
(RubyGems)
May 13, 2020
Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location
Critical
CVE-2018-12542
was published
for
io.vertx:vertx-web
(Maven)
Oct 17, 2018
ProTip!
Advisories are also available from the
GraphQL API