Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,611
NuGet
638
pip
3,209
Pub
10
RubyGems
853
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

650 advisories

Loading
Directory traversal vulnerability in RubyZip Critical
CVE-2017-5946 was published for rubyzip (RubyGems) Oct 24, 2017
tdunlap607
Diffoscope may write to arbitrary locations due to an untrusted archive Critical
CVE-2017-0359 was published for diffoscope (pip) Jul 13, 2018
Path Traversal in html-pages Critical
CVE-2018-3744 was published for html-pages (npm) Sep 18, 2018
Eclipse Vert.x does not properly neutralize '' (forward slashes) sequences that can resolve to an external location Critical
CVE-2018-12542 was published for io.vertx:vertx-web (Maven) Oct 17, 2018
tdunlap607
Arbitrary file write in actionpack-page_caching gem Critical
CVE-2020-8159 was published for actionpack-page_caching (RubyGems) May 13, 2020
Path Traversal in sapper Critical
GHSA-f3vw-587g-r29g was published for sapper (npm) Sep 3, 2020
Path Traversal in f-serv Critical
GHSA-vx5w-cxch-wwc9 was published for f-serv (npm) Sep 3, 2020
Path Traversal in swagger-injector Critical
GHSA-v4x8-gw49-7hv4 was published for swagger-injector (npm) Sep 3, 2020
Path Traversal in @wturyn/swagger-injector Critical
GHSA-4x7w-frcq-v4m3 was published for @wturyn/swagger-injector (npm) Sep 3, 2020
Path Traversal in decompress Critical
CVE-2020-12265 was published for decompress (npm) Sep 3, 2020
tdunlap607
Arbitrary File Write in iobroker.admin Critical
CVE-2019-10765 was published for iobroker.admin (npm) Sep 4, 2020
remote code execution via cache action in MoinMoin Critical
CVE-2020-25074 was published for moin (pip) Nov 11, 2020
Path traversal in rollup-plugin-serve Critical
CVE-2020-7684 was published for rollup-plugin-serve (npm) May 18, 2021
The Fuck Arbitrary File Deletion via Path Traversal Critical
CVE-2021-34363 was published for thefuck (pip) Jun 15, 2021
elFinder before 2.1.59 contains multiple vulnerabilities leading to RCE Critical
CVE-2021-32682 was published for studio-42/elfinder (Composer) Jun 16, 2021
thomas-chauchefoin-sonarsource
Path traversal in impacket Critical
CVE-2021-31800 was published for impacket (pip) Jun 18, 2021
Path Traversal in Dutchcoders transfer.sh Critical
CVE-2021-33497 was published for github.com/dutchcoders/transfer.sh (Go) Jun 29, 2021
Path traversal in mozwire Critical
CVE-2020-35883 was published for mozwire (Rust) Aug 25, 2021
Tarslip in go-unarr Critical
CVE-2021-38197 was published for github.com/gen2brain/go-unarr (Go) Sep 1, 2021
J3rry-1729
Remote code execution in UReport Critical
CVE-2020-21125 was published for com.bstek.ureport:ureport2-core (Maven) Sep 20, 2021
Directory Traversal in typo3/phar-stream-wrapper Critical
CVE-2019-11831 was published for drupal/core (Composer) Sep 30, 2021
Using the parameter of getPFXFolderList function, attackers can see the information of... Critical Unreviewed
CVE-2020-7882 was published Nov 23, 2021
An unspecified version of tripexpress is affected by a path manipulation vulnerability in file... Critical Unreviewed
CVE-2021-43691 was published Nov 30, 2021
** UNSUPPORTED WHEN ASSIGNED ** ThinkUp 2.0-beta.10 is affected by a path manipulation... Critical Unreviewed
CVE-2021-43674 was published Dec 4, 2021
Path manipulation in matyhtf/framework Critical
CVE-2021-43676 was published for matyhtf/framework (Composer) Dec 4, 2021
Rudloff
ProTip! Advisories are also available from the GraphQL API