Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

103 advisories

Loading
Ganga allows absolute path traversal Critical
CVE-2022-31507 was published for ganga (pip) Jul 13, 2022
Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely Critical
CVE-2022-31558 was published for shiva (pip) Jul 12, 2022
ChainerRL Visualizer 0.1.1 vulnerable to Path Traversal via unsafe use of send_file function Critical
CVE-2022-31573 was published for chainerrl-visualizer (pip) Jul 12, 2022
SatyaLab opendiamond 10.1.1 vulnerable to path traversal because Flask send_file function used unsafely Critical
CVE-2022-31506 was published for opendiamond (pip) Jul 12, 2022
Path Traversal in Beego Critical
CVE-2022-31836 was published for github.com/beego/beego (Go) Jul 6, 2022
Path traversal in Concrete CMS Critical
CVE-2022-30117 was published for concrete5/core (Composer) Jun 25, 2022
Path Traversal in file editor on Windows in Gogs Critical
CVE-2022-1992 was published for gogs.io/gogs (Go) Jun 8, 2022
1135
Path Traversal in django-s3file Critical
CVE-2022-24840 was published for django-s3file (pip) Jun 6, 2022
tunecrew syphar
herrbenesch codingjoe
gitjacker arbitrary code execution Critical
CVE-2021-29417 was published for github.com/liamg/gitjacker (Go) May 24, 2022
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21686 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault westonsteimel
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21690 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
Multiple vulnerabilities allow bypassing path filtering of agent-to-controller access control in Jenkins Critical
CVE-2021-21692 was published for org.jenkins-ci.main:jenkins-core (Maven) May 24, 2022
NotMyFault
SaltStack Salt Directory Traversal vulnerability Critical
CVE-2021-25282 was published for salt (pip) May 24, 2022
Radicale is vulnerable to directory traversal on Windows Filesystem Storage Backend component Critical
CVE-2016-1505 was published for Radicale (pip) May 17, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation Critical
CVE-2017-12791 was published for salt (pip) May 17, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation Critical
CVE-2017-14695 was published for salt (pip) May 17, 2022
Path Traversal in Apache Struts Critical
CVE-2016-6795 was published for org.apache.struts:struts2-convention-plugin (Maven) May 14, 2022
sunSUNQ
Directory Traversal in Studio 42 elFinder Critical
CVE-2018-9110 was published for studio-42/elfinder (Composer) May 13, 2022
elFinder Path Traversal vulnerability Critical
CVE-2018-9109 was published for studio-42/elfinder (Composer) May 13, 2022
Improper path handling in kustomization files allows path traversal Critical
CVE-2022-24877 was published for github.com/fluxcd/flux2 (Go) May 4, 2022
hiddeco kurt-r2c
Path traversal in Hadoop Critical
CVE-2022-26612 was published for org.apache.hadoop:hadoop-common (Maven) Apr 8, 2022
Path Traversal in Studio-42 elFinder through 2.1.60 Critical
CVE-2022-26960 was published for studio-42/elfinder (Composer) Mar 22, 2022
Path Traversal in ImpressCMS Critical
CVE-2022-24977 was published for impresscms/impresscms (Composer) Feb 15, 2022
Path Traversal in Eclipse Vert Critical
CVE-2019-17640 was published for io.vertx:vertx-web (Maven) Feb 10, 2022
Path Traversal in Crafter CMS Crafter Studio Critical
CVE-2017-15681 was published for org.craftercms:crafter-studio (Maven) Feb 9, 2022
ProTip! Advisories are also available from the GraphQL API