GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
103 advisories
Filter by severity
Ganga allows absolute path traversal
Critical
CVE-2022-31507
was published
for
ganga
(pip)
Jul 13, 2022
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely
Critical
CVE-2022-31558
was published
for
shiva
(pip)
Jul 12, 2022
ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function
Critical
CVE-2022-31573
was published
for
chainerrl-visualizer
(pip)
Jul 12, 2022
SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely
Critical
CVE-2022-31506
was published
for
opendiamond
(pip)
Jul 12, 2022
Path Traversal in Beego
Critical
CVE-2022-31836
was published
for
github.com/beego/beego
(Go)
Jul 6, 2022
Path traversal in Concrete CMS
Critical
CVE-2022-30117
was published
for
concrete5/core
(Composer)
Jun 25, 2022
Path Traversal in file editor on Windows in Gogs
Critical
CVE-2022-1992
was published
for
gogs.io/gogs
(Go)
Jun 8, 2022
Path Traversal in django-s3file
Critical
CVE-2022-24840
was published
for
django-s3file
(pip)
Jun 6, 2022
gitjacker arbitrary code execution
Critical
CVE-2021-29417
was published
for
github.com/liamg/gitjacker
(Go)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21686
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21690
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins
Critical
CVE-2021-21692
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
May 24, 2022
SaltStack Salt Directory Traversal vulnerability
Critical
CVE-2021-25282
was published
for
salt
(pip)
May 24, 2022
Radicale is vulnerable to directory traversal on Windows Filesystem Storage Backend component
Critical
CVE-2016-1505
was published
for
Radicale
(pip)
May 17, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation
Critical
CVE-2017-12791
was published
for
salt
(pip)
May 17, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation
Critical
CVE-2017-14695
was published
for
salt
(pip)
May 17, 2022
Path Traversal in Apache Struts
Critical
CVE-2016-6795
was published
for
org.apache.struts:struts2-convention-plugin
(Maven)
May 14, 2022
Directory Traversal in Studio 42 elFinder
Critical
CVE-2018-9110
was published
for
studio-42/elfinder
(Composer)
May 13, 2022
elFinder Path Traversal vulnerability
Critical
CVE-2018-9109
was published
for
studio-42/elfinder
(Composer)
May 13, 2022
Improper path handling in kustomization files allows path traversal
Critical
CVE-2022-24877
was published
for
github.com/fluxcd/flux2
(Go)
May 4, 2022
Path traversal in Hadoop
Critical
CVE-2022-26612
was published
for
org.apache.hadoop:hadoop-common
(Maven)
Apr 8, 2022
Path Traversal in Studio-42 elFinder through 2.1.60
Critical
CVE-2022-26960
was published
for
studio-42/elfinder
(Composer)
Mar 22, 2022
Path Traversal in ImpressCMS
Critical
CVE-2022-24977
was published
for
impresscms/impresscms
(Composer)
Feb 15, 2022
Path Traversal in Eclipse Vert
Critical
CVE-2019-17640
was published
for
io.vertx:vertx-web
(Maven)
Feb 10, 2022
Path Traversal in Crafter CMS Crafter Studio
Critical
CVE-2017-15681
was published
for
org.craftercms:crafter-studio
(Maven)
Feb 9, 2022
ProTip!
Advisories are also available from the
GraphQL API