GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
654 advisories
CometVisu Backend for openHAB affected by RCE through path traversal
Critical | CVE-2024-42469 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) | Aug 9, 2024

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000...
Critical | Unreviewed | CVE-2024-39226 was published | Aug 6, 2024

TorchServe vulnerable to bypass of allowed_urls configuration
Critical | CVE-2024-35198 was published for torchserve (pip) | Jul 18, 2024

Lektor does not sanitize database path traversal
Critical | CVE-2024-28335 was published for Lektor (pip) | Mar 27, 2024

Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature
Critical | CVE-2024-23827 was published for github.com/0xJacky/Nginx-UI (Go) | Jan 29, 2024

Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute...
Critical | Unreviewed | CVE-2024-34832 was published | Jun 6, 2024

Remote code execution in Spring Cloud Data Flow
Critical | CVE-2024-37084 was published for org.springframework.cloud:spring-cloud-skipper (Maven) | Jul 25, 2024

pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user
Critical | CVE-2024-2044 was published for pgAdmin4 (pip) | Mar 7, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical | Unreviewed | CVE-2024-32113 was published | May 8, 2024

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical | Unreviewed | CVE-2024-39619 was published | Aug 1, 2024

Directory Traversal vulnerability in xmind2testcase v.1.5 allows a remote attacker to execute...
Critical | Unreviewed | CVE-2024-40524 was published | Jul 16, 2024

GitHub Security Lab (GHSL) Vulnerability Report: Arbitary write GHSL-2023-182
Critical | CVE-2023-50731 was published for mindsdb (pip) | Dec 15, 2023

It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An...
Critical | Unreviewed | CVE-2021-42013 was published | May 24, 2022

A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <=...
Critical | Unreviewed | CVE-2021-20090 was published | May 24, 2022

The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is...
Critical | Unreviewed | CVE-2024-40422 was published | Jul 24, 2024

The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all...
Critical | Unreviewed | CVE-2024-5153 was published | Jun 6, 2024

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information...
Critical | Unreviewed | CVE-2024-23475 was published | Jul 17, 2024

SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This...
Critical | Unreviewed | CVE-2024-23472 was published | Jul 17, 2024

The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information...
Critical | Unreviewed | CVE-2024-23467 was published | Jul 17, 2024

SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code...
Critical | Unreviewed | CVE-2024-23466 was published | Jul 17, 2024

Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart upto and including version 2...
Critical | Unreviewed | CVE-2024-36059 was published | Jun 28, 2024

Remote Command program allows an attacker to get Remote Code Execution by overwriting existing...
Critical | Unreviewed | CVE-2024-27173 was published | Jun 14, 2024

Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be...
Critical | Unreviewed | CVE-2024-27174 was published | Jun 14, 2024

The Toshiba printers provide several ways to upload files using the admin web interface. An...
Critical | Unreviewed | CVE-2024-27145 was published | Jun 14, 2024

The Toshiba printers provide several ways to upload files using the web interface without...
Critical | Unreviewed | CVE-2024-27144 was published | Jun 14, 2024
ProTip! Advisories are also available from the GraphQL API.