Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,062
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,622
NuGet
638
pip
3,233
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

654 advisories

Loading
CometVisu Backend for openHAB affected by RCE through path traversal Critical
CVE-2024-42469 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p-
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000... Critical Unreviewed
CVE-2024-39226 was published Aug 6, 2024
TorchServe vulnerable to bypass of allowed_urls configuration Critical
CVE-2024-35198 was published for torchserve (pip) Jul 18, 2024
Lektor does not sanitize database path traversal Critical
CVE-2024-28335 was published for Lektor (pip) Mar 27, 2024
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature Critical
CVE-2024-23827 was published for github.com/0xJacky/Nginx-UI (Go) Jan 29, 2024
Elleuch-x1
Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute... Critical Unreviewed
CVE-2024-34832 was published Jun 6, 2024
Remote code execution in Spring Cloud Data Flow Critical
CVE-2024-37084 was published for org.springframework.cloud:spring-cloud-skipper (Maven) Jul 25, 2024
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user Critical
CVE-2024-2044 was published for pgAdmin4 (pip) Mar 7, 2024
TheZ3ro
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2024-32113 was published May 8, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2024-39619 was published Aug 1, 2024
Directory Traversal vulnerability in xmind2testcase v.1.5 allows a remote attacker to execute... Critical Unreviewed
CVE-2024-40524 was published Jul 16, 2024
GitHub Security Lab (GHSL) Vulnerability Report: Arbitary write GHSL-2023-182 Critical
CVE-2023-50731 was published for mindsdb (pip) Dec 15, 2023
sylwia-budzynska
It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An... Critical Unreviewed
CVE-2021-42013 was published May 24, 2022
A path traversal vulnerability in the web interfaces of Buffalo WSR-2533DHPL2 firmware version <=... Critical Unreviewed
CVE-2021-20090 was published May 24, 2022
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is... Critical Unreviewed
CVE-2024-40422 was published Jul 24, 2024
The Startklar Elementor Addons plugin for WordPress is vulnerable to Directory Traversal in all... Critical Unreviewed
CVE-2024-5153 was published Jun 6, 2024
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information... Critical Unreviewed
CVE-2024-23475 was published Jul 17, 2024
SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This... Critical Unreviewed
CVE-2024-23472 was published Jul 17, 2024
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information... Critical Unreviewed
CVE-2024-23467 was published Jul 17, 2024
SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code... Critical Unreviewed
CVE-2024-23466 was published Jul 17, 2024
Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart upto and including version 2... Critical Unreviewed
CVE-2024-36059 was published Jun 28, 2024
Remote Command program allows an attacker to get Remote Code Execution by overwriting existing... Critical Unreviewed
CVE-2024-27173 was published Jun 14, 2024
Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be... Critical Unreviewed
CVE-2024-27174 was published Jun 14, 2024
The Toshiba printers provide several ways to upload files using the admin web interface. An... Critical Unreviewed
CVE-2024-27145 was published Jun 14, 2024
The Toshiba printers provide several ways to upload files using the web interface without... Critical Unreviewed
CVE-2024-27144 was published Jun 14, 2024
ProTip! Advisories are also available from the GraphQL API