Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

103 advisories

Loading
Directory traversal in Django Critical
CVE-2011-0698 was published for Django (pip) Jul 23, 2018
MarkLee131
Path Traversal in django-s3file Critical
CVE-2022-24840 was published for django-s3file (pip) Jun 6, 2022
tunecrew syphar
herrbenesch codingjoe
Diffoscope may write to arbitrary locations due to an untrusted archive Critical
CVE-2017-0359 was published for diffoscope (pip) Jul 13, 2018
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE Critical
CVE-2024-23897 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 24, 2024
sunSUNQ
Jenkins Remoting library arbitrary file read vulnerability Critical
CVE-2024-43044 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
Jan path traversal vulnerability Critical
CVE-2024-37273 was published for @janhq/core (npm) Jun 4, 2024
CLSA Directory Traversal vulnerability Critical
CVE-2024-28698 was published for Csla (NuGet) Jul 22, 2024
rockfordlhotka
CometVisu Backend for openHAB affected by RCE through path traversal Critical
CVE-2024-42469 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p-
TorchServe vulnerable to bypass of allowed_urls configuration Critical
CVE-2024-35198 was published for torchserve (pip) Jul 18, 2024
Lektor does not sanitize database path traversal Critical
CVE-2024-28335 was published for Lektor (pip) Mar 27, 2024
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature Critical
CVE-2024-23827 was published for github.com/0xJacky/Nginx-UI (Go) Jan 29, 2024
Elleuch-x1
Remote code execution in Spring Cloud Data Flow Critical
CVE-2024-37084 was published for org.springframework.cloud:spring-cloud-skipper (Maven) Jul 25, 2024
pgAdmin 4 vulnerable to Unsafe Deserialization and Remote Code Execution by an Authenticated user Critical
CVE-2024-2044 was published for pgAdmin4 (pip) Mar 7, 2024
TheZ3ro
GitHub Security Lab (GHSL) Vulnerability Report: Arbitary write GHSL-2023-182 Critical
CVE-2023-50731 was published for mindsdb (pip) Dec 15, 2023
sylwia-budzynska
DeepJavaLibrary API absolute path traversal Critical
CVE-2024-37902 was published for ai.djl:api (Maven) Jun 17, 2024
parisneo/lollms Local File Inclusion (LFI) attack Critical
CVE-2024-4315 was published for lollms (pip) Jun 12, 2024
willdurand/js-translation-bundle potential path traversal attack and remote code injection Critical
GHSA-x86x-qhf8-f37w was published for willdurand/js-translation-bundle (Composer) Jun 7, 2024
sjqzhang go-fastdfs vulnerable to path traversal Critical
CVE-2023-1800 was published for github.com/sjqzhang/go-fastdfs (Go) Apr 2, 2023
Genie Path Traversal vulnerability via File Uploads Critical
CVE-2024-4701 was published for com.netflix.genie:genie-web (Maven) May 9, 2024
jmoritzc53 JoeBeeton
MailDev Remote Code Execution Critical
CVE-2024-27448 was published for maildev (npm) Apr 5, 2024
stypr
SaltStack Salt Directory traversal vulnerability in minion id validation Critical
CVE-2017-14695 was published for salt (pip) May 17, 2022
SaltStack Salt Directory traversal vulnerability in minion id validation Critical
CVE-2017-12791 was published for salt (pip) May 17, 2022
SaltStack Salt Directory Traversal vulnerability Critical
CVE-2021-25282 was published for salt (pip) May 24, 2022
PaddlePaddle Path Traversal vulnerability Critical
CVE-2024-0818 was published for paddlepaddle (pip) Mar 7, 2024
Pterodactyl Wings vulnerable to improper isolation of server file access Critical
CVE-2024-27102 was published for github.com/pterodactyl/wings (Go) Mar 15, 2024
KurtThiemann aft2d
matthewpi
ProTip! Advisories are also available from the GraphQL API