GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
4,030
Erlang
29
GitHub Actions
17
Go
1,837
Maven
5,000+
npm
3,575
NuGet
634
pip
3,161
Pub
10
RubyGems
849
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+
638 advisories
Filter by severity
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability...
Critical
Unreviewed
CVE-2024-21877
was published
Aug 12, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via...
Critical
Unreviewed
CVE-2024-21876
was published
Aug 12, 2024
CometVisu Backend for openHAB affected by RCE through path traversal
Critical
CVE-2024-42469
was published
for
org.openhab.ui.bundles:org.openhab.ui.cometvisu
(Maven)
Aug 9, 2024
Jenkins Remoting library arbitrary file read vulnerability
Critical
CVE-2024-43044
was published
for
org.jenkins-ci.main:jenkins-core
(Maven)
Aug 7, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000...
Critical
Unreviewed
CVE-2024-39226
was published
Aug 6, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2024-39619
was published
Aug 1, 2024
Remote code execution in Spring Cloud Data Flow
Critical
CVE-2024-37084
was published
for
org.springframework.cloud:spring-cloud-skipper
(Maven)
Jul 25, 2024
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is...
Critical
Unreviewed
CVE-2024-40422
was published
Jul 24, 2024
CLSA Directory Traversal vulnerability
Critical
CVE-2024-28698
was published
for
Csla
(NuGet)
Jul 22, 2024
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a...
Critical
Unreviewed
CVE-2024-41704
was published
Jul 22, 2024
TorchServe vulnerable to bypass of allowed_urls configuration
Critical
CVE-2024-35198
was published
for
torchserve
(pip)
Jul 18, 2024
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information...
Critical
Unreviewed
CVE-2024-23475
was published
Jul 17, 2024
SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This...
Critical
Unreviewed
CVE-2024-23472
was published
Jul 17, 2024
SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code...
Critical
Unreviewed
CVE-2024-23466
was published
Jul 17, 2024
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information...
Critical
Unreviewed
CVE-2024-23467
was published
Jul 17, 2024
Directory Traversal vulnerability in xmind2testcase v.1.5 allows a remote attacker to execute...
Critical
Unreviewed
CVE-2024-40524
was published
Jul 16, 2024
Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart upto and including version 2...
Critical
Unreviewed
CVE-2024-36059
was published
Jun 28, 2024
BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote...
Critical
Unreviewed
CVE-2024-6127
was published
Jun 27, 2024
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution...
Critical
Unreviewed
CVE-2024-4885
was published
Jun 25, 2024
An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory traversal via a...
Critical
Unreviewed
CVE-2024-34313
was published
Jun 24, 2024
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The...
Critical
Unreviewed
CVE-2024-33879
was published
Jun 24, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Critical
Unreviewed
CVE-2024-37089
was published
Jun 24, 2024
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table...
Critical
Unreviewed
CVE-2023-45197
was published
Jun 21, 2024
DeepJavaLibrary API absolute path traversal
Critical
CVE-2024-37902
was published
for
ai.djl:api
(Maven)
Jun 17, 2024
Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be...
Critical
Unreviewed
CVE-2024-27174
was published
Jun 14, 2024
ProTip!
Advisories are also available from the
GraphQL API