Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,611
NuGet
638
pip
3,209
Pub
10
RubyGems
853
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

2,619 advisories

Loading
phpok v3.0 was discovered to contain an arbitrary file read vulnerability via the component ... High Unreviewed
CVE-2024-44867 was published Sep 10, 2024
Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7... High Unreviewed
CVE-2024-37728 was published Sep 10, 2024
nix 2.24 through 2.24.5 allows directory traversal via a symlink in a nar file, because of... High Unreviewed
CVE-2024-45845 was published Sep 10, 2024
A vulnerability has been discovered in Node.js version 20, specifically within the experimental... High Unreviewed
CVE-2023-30584 was published Sep 7, 2024
SeaCMS v13.1 was discovered to an arbitrary file read vulnerability via the component admin_safe... High Unreviewed
CVE-2024-44720 was published Sep 9, 2024
A path traversal vulnerability allows an attacker with a low-privileged account and local access... High Unreviewed
CVE-2024-40712 was published Sep 7, 2024
Path traversal vulnerability in stripe-cli High
CVE-2024-45401 was published for github.com/stripe/stripe-cli (Go) Sep 5, 2024
A path traversal issue in API endpoint in M-Files Server before version 24.8.13981.0 allows... High Unreviewed
CVE-2024-6789 was published Aug 27, 2024
malicious container creates symlink "mtab" on the host External High
CVE-2024-5154 was published for github.com/cri-o/cri-o (Go) Jun 4, 2024
eriksjolund
Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote... High Unreviewed
CVE-2024-33274 was published Apr 30, 2024
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute... High Unreviewed
CVE-2024-34656 was published Sep 4, 2024
A path traversal vulnerability has been reported to affect several QNAP operating system versions... High Unreviewed
CVE-2023-51366 was published Sep 6, 2024
Raiden MAILD Remote Management System from Team Johnlong Software has a Relative Path Traversal... High Unreviewed
CVE-2024-7693 was published Aug 12, 2024
Path Traversal in Ansible High
CVE-2020-1737 was published for ansible (pip) Apr 20, 2021
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is... High Unreviewed
CVE-2024-45175 was published Sep 5, 2024
An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user... High Unreviewed
CVE-2024-45178 was published Sep 5, 2024
Couchbase Server 7.1.4 before 7.1.5 and 7.2.0 before 7.2.1 allows Directory Traversal. High Unreviewed
CVE-2023-36667 was published Nov 9, 2023
@actions/artifact has an Arbitrary File Write via artifact extraction High
CVE-2024-42471 was published for @actions/artifact (npm) Sep 3, 2024
JLHwung
@actions/download-artifact has an Arbitrary File Write via artifact extraction High
GHSA-cxww-7g56-2vh6 was published for actions/download-artifact (GitHub Actions) Sep 3, 2024
holmanb
The The Ultimate WordPress Toolkit – WP Extended plugin for WordPress is vulnerable to Directory... High Unreviewed
CVE-2024-8104 was published Sep 4, 2024
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download... High Unreviewed
CVE-2021-20124 was published May 24, 2022
Arbitrary file reading vulnerability in Aim High
CVE-2021-43775 was published for aim (pip) Nov 23, 2021
haby0
A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download... High Unreviewed
CVE-2021-20123 was published May 24, 2022
Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to... High Unreviewed
CVE-2024-5865 was published Jul 2, 2024
Ollama can extract members of a ZIP archive outside of the parent directory High
CVE-2024-45436 was published for github.com/ollama/ollama (Go) Aug 29, 2024
ProTip! Advisories are also available from the GraphQL API