Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,611
NuGet
638
pip
3,209
Pub
10
RubyGems
853
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

981 advisories

Loading
MailDev Remote Code Execution Critical
CVE-2024-27448 was published for maildev (npm) Apr 5, 2024
stypr
Lektor does not sanitize database path traversal Critical
CVE-2024-28335 was published for Lektor (pip) Mar 27, 2024
phpMyFAQ Path Traversal in Attachments Low
CVE-2024-29196 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
kevinnivekkevin
Grav File Upload Path Traversal High
CVE-2024-27921 was published for getgrav/grav (Composer) Mar 22, 2024
richighimi
Path traversal in webpack-dev-middleware High
CVE-2024-29180 was published for webpack-dev-middleware (npm) Mar 21, 2024
palirichtarik
GeoServer log file path traversal vulnerability High
CVE-2023-41877 was published for org.geoserver:gs-main (Maven) Mar 20, 2024
Anthares101 sumiitgurjar
Container escape at build time High
GHSA-pmf3-c36m-g5cf was published for github.com/containers/buildah (Go) Mar 19, 2024
rmcnamara-snyk
Path traversal in flaskcode Devan-Kerman ARRP High
CVE-2024-24042 was published for net.devtech:arrp (Maven) Mar 19, 2024
Pterodactyl Wings vulnerable to improper isolation of server file access Critical
CVE-2024-27102 was published for github.com/pterodactyl/wings (Go) Mar 15, 2024
KurtThiemann aft2d
matthewpi
Whoogle Search Path Traversal vulnerability Moderate
CVE-2024-22204 was published for whoogle-search (pip) Mar 14, 2024
Apache Pulsar: Pulsar Functions Worker's Archive Extraction Vulnerability Allows Unauthorized File Modification High
CVE-2024-27317 was published for org.apache.pulsar:pulsar-functions-worker (Maven) Mar 12, 2024
oscerd
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user Critical
CVE-2024-2044 was published for pgAdmin4 (pip) Mar 7, 2024
TheZ3ro
PaddlePaddle Path Traversal vulnerability Critical
CVE-2024-0818 was published for paddlepaddle (pip) Mar 7, 2024
ESPHome vulnerable to remote code execution via arbitrary file write High
CVE-2024-27081 was published for esphome (pip) Mar 1, 2024
Onnx Directory Traversal vulnerability High
CVE-2024-27318 was published for onnx (pip) Feb 23, 2024
iarspider
`@backstage/backend-common` vulnerable to path traversal through symlinks High
CVE-2024-26150 was published for @backstage/backend-common (npm) Feb 23, 2024
Appwrite Directory Traversal vulnerability High
CVE-2022-25377 was published for appwrite/server-ce (Composer) Feb 23, 2024
Path disclosure in JavaScript variable Moderate
CVE-2024-26129 was published for prestashop/prestashop (Composer) Feb 21, 2024
hugo-fasone matks
Helm dependency management path traversal Moderate
CVE-2024-25620 was published for helm.sh/helm/v3 (Go) Feb 15, 2024
dominykas
Absolute path traversal vulnerability in digdag server Moderate
CVE-2024-25125 was published for io.digdag:digdag-server (Maven) Feb 14, 2024
p-
Path Traversal in TYPO3 File Abstraction Layer Storages Moderate
CVE-2023-30451 was published for typo3/cms-core (Composer) Feb 13, 2024
ohader bnf
mapshaper Path Traversal vulnerability Moderate
CVE-2024-1163 was published for mapshaper (npm) Feb 13, 2024
JafarAkhondali
OpenRefine JDBC Attack Vulnerability High
CVE-2024-23833 was published for org.openrefine:database (Maven) Feb 12, 2024
l0n3rs
Allegro AI ClearML path traversal vulnerability High
CVE-2024-24591 was published for clearml (pip) Feb 6, 2024
Apache Sling Servlets Resolver executes malicious code via path traversal High
CVE-2024-23673 was published for org.apache.sling:org.apache.sling.servlets.resolver (Maven) Feb 6, 2024
ProTip! Advisories are also available from the GraphQL API