GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,903
Maven
5,000+
npm
3,632
NuGet
638
pip
3,249
Pub
10
RubyGems
864
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
658 advisories
Filter by severity
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer...
Critical
Unreviewed
CVE-2020-25176
was published
Mar 19, 2022
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.
Critical
Unreviewed
CVE-2022-1000
was published
Mar 18, 2022
An issue was discovered in PONTON X/P Messenger before 3.11.2. Due to path traversal in private...
Critical
Unreviewed
CVE-2021-45887
was published
Mar 14, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)...
Critical
Unreviewed
CVE-2021-42787
was published
Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA)...
Critical
Unreviewed
CVE-2021-42853
was published
Mar 11, 2022
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's (DSA) PluginServlet...
Critical
Unreviewed
CVE-2021-42854
was published
Mar 11, 2022
An path traversal vulnerability leading to delete arbitrary files was discovered in BigFileAgent....
Critical
Unreviewed
CVE-2021-26619
was published
Feb 19, 2022
Path Traversal in ImpressCMS
Critical
CVE-2022-24977
was published
for
impresscms/impresscms
(Composer)
Feb 15, 2022
IBM Planning Analytics 2.0 and IBM Planning Analytics Workspace 2.0 DQM API allows submitting of...
Critical
Unreviewed
CVE-2021-38892
was published
Feb 12, 2022
Multiple Mitsubishi Electric Factory Automation products have a vulnerability that allows an...
Critical
Unreviewed
CVE-2020-14523
was published
Feb 12, 2022
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that...
Critical
Unreviewed
CVE-2022-24311
was published
Feb 11, 2022
A CWE-22: Improper Limitation of a Pathname to a Restricted Directory vulnerability exists that...
Critical
Unreviewed
CVE-2022-24312
was published
Feb 11, 2022
Path Traversal in Eclipse Vert
Critical
CVE-2019-17640
was published
for
io.vertx:vertx-web
(Maven)
Feb 10, 2022
Path Traversal in Crafter CMS Crafter Studio
Critical
CVE-2017-15681
was published
for
org.craftercms:crafter-studio
(Maven)
Feb 9, 2022
mozilo2.0 was discovered to be vulnerable to directory traversal attacks via the parameter...
Critical
Unreviewed
CVE-2022-23357
was published
Feb 8, 2022
The Essential Addons for Elementor WordPress plugin before 5.0.5 does not validate and sanitise...
Critical
Unreviewed
CVE-2022-0320
was published
Feb 2, 2022
Neo4j Graph Database vulnerable to Path Traversal
Critical
CVE-2021-42767
was published
for
org.neo4j.procedure:apoc
(Maven)
Feb 1, 2022
The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive...
Critical
Unreviewed
CVE-2021-23520
was published
Feb 1, 2022
A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an...
Critical
Unreviewed
CVE-2020-17383
was published
Jan 25, 2022
Path traversal in Apache James
Critical
CVE-2021-40525
was published
for
org.apache.james:james-server
(Maven)
Jan 21, 2022
Apache Solr Improper Input Validation and Path Traversal
Critical
CVE-2021-44548
was published
for
org.apache.solr:solr-parent
(Maven)
Jan 6, 2022
HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability...
Critical
Unreviewed
CVE-2021-37128
was published
Jan 4, 2022
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due...
Critical
Unreviewed
CVE-2021-45427
was published
Dec 31, 2021
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily...
Critical
Unreviewed
CVE-2020-20944
was published
Dec 28, 2021
ProTip!
Advisories are also available from the
GraphQL API