GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
104 advisories
Contao affected by directory traversal in the file selector widget
Moderate: CVE-2024-45604 was published for contao/core-bundle (Composer), Sep 17, 2024

czim/file-handling vulnerable to SSRF and directory traversal
Moderate: CVE-2024-47049 was published for czim/file-handling (Composer), Sep 17, 2024

Mautic vulnerable to Relative Path Traversal / Arbitrary File Deletion due to GrapesJS builder
High: CVE-2021-27916 was published for mautic/core (Composer), Apr 12, 2024

Magento Open Source Path Traversal vulnerability
Moderate: CVE-2024-39406 was published for magento/community-edition (Composer), Aug 14, 2024

Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint
High: CVE-2024-42485 was published for pxlrbt/filament-excel (Composer), Aug 12, 2024

Appwrite Directory Traversal vulnerability
High: CVE-2022-25377 was published for appwrite/server-ce (Composer), Feb 23, 2024

Zip slip in opencart
High: CVE-2024-21518 was published for opencart/opencart (Composer), Jun 22, 2024

ICEcoder Path Traversal vulnerability
Moderate: CVE-2024-41373 was published for icecoder/icecoder (Composer), Jul 26, 2024

willdurand/js-translation-bundle potential path traversal attack and remote code injection
Critical: GHSA-x86x-qhf8-f37w was published for willdurand/js-translation-bundle (Composer), Jun 7, 2024

ZendFramework local file inclusion vector in `Zend_View::setScriptPath()` and `render()`
High: GHSA-hx3m-959f-v849 was published for zendframework/zendframework1 (Composer), Jun 7, 2024

TYPO3 Arbitrary Code Execution and Cross-Site Scripting in Backend API
High: GHSA-x428-565f-8xj2 was published for typo3/cms-core (Composer), May 30, 2024

Twig Path Traversal vulnerability in the filesystem loader
Moderate: GHSA-7cvr-xhm5-x998 was published for twig/twig (Composer), May 30, 2024

Magento Insecure Direct Object Reference (IDOR) vulnerability
Moderate: CVE-2019-7925 was published for magento/community-edition (Composer), May 24, 2022

Path Traversal within joomla/archive tar class
High: CVE-2022-23793 was published for joomla/archive (Composer), Mar 31, 2022

Grav Vulnerable to Arbitrary File Read to Account Takeover
High: CVE-2024-34082 was published for getgrav/grav (Composer), May 15, 2024

Grav CMS Arbitrary File Deletion
High: CVE-2020-29555 was published for getgrav/grav (Composer), May 24, 2022

Grav File Upload Path Traversal
High: CVE-2024-27921 was published for getgrav/grav (Composer), Mar 22, 2024

Contao Core directory traversal vulnerability
High: CVE-2017-10993 was published for contao/contao (Composer), May 13, 2022

Contao Core directory traversal vulnerability
Moderate: CVE-2015-0269 was published for contao/core (Composer), May 17, 2022

TYPO3 Directory Traversal on ZIP extraction
Moderate: CVE-2019-19848 was published for typo3/cms (Composer), May 24, 2022

EC-CUBE Directory traversal vulnerability
Low: CVE-2022-40199 was published for ec-cube/ec-cube (Composer), Sep 28, 2022

EC-CUBE Directory traversal vulnerability
High: CVE-2020-5590 was published for ec-cube/ec-cube (Composer), May 24, 2022

TeamPass PHP arbitrary file include vulnerability
High: CVE-2020-12479 was published for nilsteampassnet/teampass (Composer), May 24, 2022

Grav CMS Local File Injection
Moderate: CVE-2020-29556 was published for getgrav/grav (Composer), May 24, 2022

phpMyAdmin Arbitrary file read vulnerability
Moderate: CVE-2019-6799 was published for phpmyadmin/phpmyadmin (Composer), May 13, 2022

ProTip! Advisories are also available from the GraphQL API