Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

658 advisories

Loading
Path Traversal in @wturyn/swagger-injector Critical
GHSA-4x7w-frcq-v4m3 was published for @wturyn/swagger-injector (npm) Sep 3, 2020
Path Traversal in swagger-injector Critical
GHSA-v4x8-gw49-7hv4 was published for swagger-injector (npm) Sep 3, 2020
Arbitrary File Write in iobroker.admin Critical
CVE-2019-10765 was published for iobroker.admin (npm) Sep 4, 2020
Path Traversal in sapper Critical
GHSA-f3vw-587g-r29g was published for sapper (npm) Sep 3, 2020
Path Traversal in f-serv Critical
GHSA-vx5w-cxch-wwc9 was published for f-serv (npm) Sep 3, 2020
nhttpd in Nostromo before 2.1 is vulnerable to a path traversal that may allow an attacker to... Critical Unreviewed
CVE-2022-48253 was published Jan 11, 2023
The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to... Critical Unreviewed
CVE-2022-4101 was published Jan 16, 2023
Keycloak vulnerable to path traversal via double URL encoding Critical
CVE-2022-3782 was published for org.keycloak:keycloak-parent (Maven) Dec 13, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet... Critical Unreviewed
CVE-2021-42854 was published Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)... Critical Unreviewed
CVE-2021-42853 was published Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)... Critical Unreviewed
CVE-2021-42787 was published Mar 11, 2022
An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private... Critical Unreviewed
CVE-2021-45887 was published Mar 14, 2022
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7. Critical Unreviewed
CVE-2022-1000 was published Mar 18, 2022
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer... Critical Unreviewed
CVE-2020-25176 was published Mar 19, 2022
The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path... Critical Unreviewed
CVE-2022-0679 was published Mar 29, 2022
Path traversal in Hadoop Critical
CVE-2022-26612 was published for org.apache.hadoop:hadoop-common (Maven) Apr 8, 2022
InHand Networks InRouter 900 Industrial 4G Router before v1.0.0.r11700 was discovered to contain... Critical Unreviewed
CVE-2022-27277 was published Apr 11, 2022
Dell VNX2 for File version 8.1.21.266 and earlier, contain a path traversal vulnerability which... Critical Unreviewed
CVE-2021-36288 was published Apr 9, 2022
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes... Critical Unreviewed
CVE-2021-43741 was published Apr 14, 2022
A CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')... Critical Unreviewed
CVE-2021-22794 was published Apr 14, 2022
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker who has compromised a... Critical Unreviewed
CVE-2021-43290 was published Apr 15, 2022
The Admin Word Count Column WordPress plugin through 2.2 does not validate the path parameter... Critical Unreviewed
CVE-2022-1390 was published Apr 26, 2022
Neo4j Graph Database vulnerable to Path Traversal Critical
CVE-2021-42767 was published for org.neo4j.procedure:apoc (Maven) Feb 1, 2022
ngrodum
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL... Critical Unreviewed
CVE-2014-4650 was published May 17, 2022
urllib in Python 2.x through 2.7.16 supports the local_file: scheme, which makes it easier for... Critical Unreviewed
CVE-2019-9948 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API