Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,030
Erlang
29
GitHub Actions
17
Go
1,837
Maven
5,000+
npm
3,575
NuGet
634
pip
3,161
Pub
10
RubyGems
849
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

638 advisories

Loading
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability... Critical Unreviewed
CVE-2024-21877 was published Aug 12, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via... Critical Unreviewed
CVE-2024-21876 was published Aug 12, 2024
CometVisu Backend for openHAB affected by RCE through path traversal Critical
CVE-2024-42469 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p-
Jenkins Remoting library arbitrary file read vulnerability Critical
CVE-2024-43044 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000... Critical Unreviewed
CVE-2024-39226 was published Aug 6, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2024-39619 was published Aug 1, 2024
Remote code execution in Spring Cloud Data Flow Critical
CVE-2024-37084 was published for org.springframework.cloud:spring-cloud-skipper (Maven) Jul 25, 2024
The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is... Critical Unreviewed
CVE-2024-40422 was published Jul 24, 2024
CLSA Directory Traversal vulnerability Critical
CVE-2024-28698 was published for Csla (NuGet) Jul 22, 2024
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a... Critical Unreviewed
CVE-2024-41704 was published Jul 22, 2024
TorchServe vulnerable to bypass of allowed_urls configuration Critical
CVE-2024-35198 was published for torchserve (pip) Jul 18, 2024
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information... Critical Unreviewed
CVE-2024-23475 was published Jul 17, 2024
SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This... Critical Unreviewed
CVE-2024-23472 was published Jul 17, 2024
SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code... Critical Unreviewed
CVE-2024-23466 was published Jul 17, 2024
The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information... Critical Unreviewed
CVE-2024-23467 was published Jul 17, 2024
Directory Traversal vulnerability in xmind2testcase v.1.5 allows a remote attacker to execute... Critical Unreviewed
CVE-2024-40524 was published Jul 16, 2024
Directory Traversal vulnerability in Kalkitech ASE ASE61850 IEDSmart upto and including version 2... Critical Unreviewed
CVE-2024-36059 was published Jun 28, 2024
BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote... Critical Unreviewed
CVE-2024-6127 was published Jun 27, 2024
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution... Critical Unreviewed
CVE-2024-4885 was published Jun 25, 2024
An issue in VPL Jail System up to v4.0.2 allows attackers to execute a directory traversal via a... Critical Unreviewed
CVE-2024-34313 was published Jun 24, 2024
An issue was discovered in VirtoSoftware Virto Bulk File Download 5.5.44 for SharePoint 2019. The... Critical Unreviewed
CVE-2024-33879 was published Jun 24, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2024-37089 was published Jun 24, 2024
The file upload plugin in Adminer and AdminerEvo allows an attacker to upload a file with a table... Critical Unreviewed
CVE-2023-45197 was published Jun 21, 2024
DeepJavaLibrary API absolute path traversal Critical
CVE-2024-37902 was published for ai.djl:api (Maven) Jun 17, 2024
Remote Command program allows an attacker to get Remote Code Execution. This vulnerability can be... Critical Unreviewed
CVE-2024-27174 was published Jun 14, 2024
ProTip! Advisories are also available from the GraphQL API