GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Unreviewed advisories
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
GitHub reviewed advisories
All reviewed: 5,000+
Composer: 4,030
Erlang: 29
GitHub Actions: 17
Go: 1,837
Maven: 5,000+
npm: 3,575
NuGet: 634
pip: 3,161
Pub: 10
RubyGems: 849
Rust: 798
Swift: 34
Unreviewed advisories
All unreviewed: 5,000+
5,875 advisories
Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0...
High | Unreviewed | CVE-2024-41628 was published on Jul 26, 2024
SPX (aka php-spx) through 0.4.15 allows SPX_UI_URI Directory Traversal to read arbitrary files.
Moderate | Unreviewed | CVE-2024-42007 was published on Jul 26, 2024
ICEcoder Path Traversal vulnerability
Moderate | CVE-2024-41373 was published for icecoder/icecoder (Composer) on Jul 26, 2024
Remote code execution in Spring Cloud Data Flow
Critical | CVE-2024-37084 was published for org.springframework.cloud:spring-cloud-skipper (Maven) on Jul 25, 2024
A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been declared...
Moderate | Unreviewed | CVE-2024-7080 was published on Jul 24, 2024
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is...
Critical | Unreviewed | CVE-2024-40422 was published on Jul 24, 2024
The MaxiBlocks: 2200+ Patterns, 190 Pages, 14.2K Icons & 100 Styles plugin for WordPress is...
High | Unreviewed | CVE-2024-6885 was published on Jul 23, 2024
A directory path traversal vulnerability exists when loading a vsmodel file in NI VeriStand that...
High | Unreviewed | CVE-2024-6791 was published on Jul 22, 2024
Directory Traversal vulnerability in Punkbuster pbsv.d64 2.351, allows remote attackers to...
High | Unreviewed | CVE-2020-24102 was published on Jul 22, 2024
CLSA Directory Traversal vulnerability
Critical | CVE-2024-28698 was published for Csla (NuGet) on Jul 22, 2024
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a...
Critical | Unreviewed | CVE-2024-41704 was published on Jul 22, 2024
A vulnerability classified as problematic was found in Gargaj wuhu up to...
Moderate | Unreviewed | CVE-2024-6949 was published on Jul 21, 2024
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in...
Moderate | Unreviewed | CVE-2024-3934 was published on Jul 20, 2024
An issue in the component /api/swaggerui/static of Bazaar v1.4.3 allows unauthenticated attackers...
High | Unreviewed | CVE-2024-40348 was published on Jul 20, 2024
Woodpecker's custom workspace allow to overwrite plugin entrypoint executable
High | CVE-2024-41121 was published for go.woodpecker-ci.org/woodpecker (Go) on Jul 19, 2024
TorchServe vulnerable to bypass of allowed_urls configuration
Critical | CVE-2024-35198 was published for torchserve (pip) on Jul 18, 2024
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information...
High | Unreviewed | CVE-2024-28993 was published on Jul 17, 2024
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information...
Critical | Unreviewed | CVE-2024-23475 was published on Jul 17, 2024
The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion...
High | Unreviewed | CVE-2024-23474 was published on Jul 17, 2024
SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This...
Critical | Unreviewed | CVE-2024-23472 was published on Jul 17, 2024
SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code...
Critical | Unreviewed | CVE-2024-23466 was published on Jul 17, 2024
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information...
High | Unreviewed | CVE-2024-23468 was published on Jul 17, 2024
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information...
Critical | Unreviewed | CVE-2024-23467 was published on Jul 17, 2024
SeaCMS v12.9 is vulnerable to Arbitrary File Read via admin_safe.php.
Moderate | Unreviewed | CVE-2024-39036 was published on Jul 16, 2024
The WordPress File Upload plugin for WordPress is vulnerable to Directory Traversal in all...
Moderate | Unreviewed | CVE-2024-5852 was published on Jul 16, 2024
ProTip! Advisories are also available from the GraphQL API.