Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,062
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,622
NuGet
638
pip
3,233
Pub
10
RubyGems
857
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

654 advisories

Loading
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely Critical
CVE-2022-31558 was published for shiva (pip) Jul 12, 2022
The olmax99/pyathenastack repository through 2019-11-08 on GitHub allows absolute path traversal... Critical Unreviewed
CVE-2022-31550 was published Jul 12, 2022
The JustAnotherSoftwareDeveloper/Python-Recipe-Database repository through 2021-03-31 on GitHub... Critical Unreviewed
CVE-2022-31518 was published Jul 12, 2022
The ThundeRatz/ThunderDocs repository through 2020-05-01 on GitHub allows absolute path traversal... Critical Unreviewed
CVE-2022-31526 was published Jul 12, 2022
The jmcginty15/Solar-system-simulator repository through 2021-07-26 on GitHub allows absolute... Critical Unreviewed
CVE-2022-31537 was published Jul 12, 2022
The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary... Critical Unreviewed
CVE-2022-1953 was published Jun 28, 2022
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload... Critical Unreviewed
CVE-2022-1518 was published Jun 25, 2022
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily... Critical Unreviewed
CVE-2020-20944 was published Dec 28, 2021
The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal... Critical Unreviewed
CVE-2022-31511 was published Jul 12, 2022
The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal... Critical Unreviewed
CVE-2022-31513 was published Jul 12, 2022
The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because... Critical Unreviewed
CVE-2022-31508 was published Jul 12, 2022
Path traversal in Concrete CMS Critical
CVE-2022-30117 was published for concrete5/core (Composer) Jun 25, 2022
OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path... Critical Unreviewed
CVE-2022-2119 was published Jun 25, 2022
In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices... Critical Unreviewed
CVE-2017-9097 was published May 17, 2022
iSpyConnect iSpy v7.2.2.0 is vulnerable to path traversal. Critical Unreviewed
CVE-2022-29774 was published Jun 22, 2022
ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension... Critical Unreviewed
CVE-2017-1000002 was published May 17, 2022
A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical.... Critical Unreviewed
CVE-2019-25098 was published Jan 5, 2023
Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution... Critical Unreviewed
CVE-2017-11389 was published May 17, 2022
A vulnerability was found in soerennb eXtplorer up to 2.1.12 and classified as critical. Affected... Critical Unreviewed
CVE-2019-25097 was published Jan 5, 2023
Path Traversal in file editor on Windows in Gogs Critical
CVE-2022-1992 was published for gogs.io/gogs (Go) Jun 8, 2022
1135
ZipSlip vulnerability in bblfshd Critical Unreviewed
CVE-2021-32825 was published May 24, 2022
An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted... Critical Unreviewed
CVE-2022-28945 was published Jun 3, 2022
An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to... Critical Unreviewed
CVE-2021-20034 was published May 24, 2022
In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file... Critical Unreviewed
CVE-2022-32270 was published Jun 4, 2022
The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow... Critical Unreviewed
CVE-2021-26714 was published May 24, 2022
ProTip! Advisories are also available from the GraphQL API