Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

45 advisories

Loading
Mautic users able to download any files from server using filemanager Moderate
CVE-2017-1000490 was published for mautic/core (Composer) Jan 19, 2021
Path Traversal within joomla/archive zip class Moderate
CVE-2021-26028 was published for joomla/archive (Composer) Mar 24, 2021
Path Traversal in the Logs plugin for Craft CMS Moderate
CVE-2022-23409 was published for ether/logs (Composer) Feb 1, 2022
Path Traversal in S-Cart Moderate
CVE-2021-44111 was published for s-cart/s-cart (Composer) Feb 12, 2022
Path traversal in pimcore Moderate
CVE-2022-0665 was published for pimcore/pimcore (Composer) Feb 23, 2022
phpSysInfo allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) sequence Moderate
CVE-2006-3360 was published for phpsysinfo/phpsysinfo (Composer) May 1, 2022
CakePHP directory traversal vulnerability allows remote attackers to read arbitrary files Moderate
CVE-2006-5031 was published for cakephp/cakephp (Composer) May 1, 2022
ravage84
Moodle directory traversal vulnerability Moderate
CVE-2015-1493 was published for moodle/moodle (Composer) May 13, 2022
MarkLee131
phpMyAdmin Arbitrary file read vulnerability Moderate
CVE-2019-6799 was published for phpmyadmin/phpmyadmin (Composer) May 13, 2022
MAGMI plugin for Magento Server Directory Traversal Moderate
CVE-2015-2067 was published for dweeves/magmi (Composer) May 13, 2022
LibreNMS Arbitrary File Read Moderate
CVE-2017-16759 was published for librenms/librenms (Composer) May 13, 2022
SabreDAV Directory Traversal vulnerability Moderate
CVE-2013-1939 was published for sabre/dav (Composer) May 14, 2022
Smarty Path Traversal Vulnerability Moderate
CVE-2018-16831 was published for smarty/smarty (Composer) May 14, 2022
Ocramius
OpenCart Path Traversal Moderate
CVE-2018-11495 was published for opencart/opencart (Composer) May 14, 2022
ForkCMS Directory Traversal vulnerability Moderate
CVE-2012-1207 was published for forkcms/forkcms (Composer) May 17, 2022
phpMyAdmin Directory Traversal Vulnerability Moderate
CVE-2011-2718 was published for phpmyadmin/phpmyadmin (Composer) May 17, 2022
Contao Core directory traversal vulnerability Moderate
CVE-2015-0269 was published for contao/core (Composer) May 17, 2022
ImpressCMS Path Traversal to Arbitrary File Delete Moderate
CVE-2014-1836 was published for impresscms/impresscms (Composer) May 17, 2022
Magento Insecure Direct Object Reference (IDOR) vulnerability Moderate
CVE-2019-7925 was published for magento/community-edition (Composer) May 24, 2022
TYPO3 Directory Traversal on ZIP extraction Moderate
CVE-2019-19848 was published for typo3/cms (Composer) May 24, 2022
Magento Path Traversal Moderate
CVE-2020-3717 was published for magento/community-edition (Composer) May 24, 2022
Magento path traversal vulnerability Moderate
CVE-2020-9689 was published for magento/community-edition (Composer) May 24, 2022
browsershot local file inclusion vulnerability Moderate
CVE-2020-7790 was published for spatie/browsershot (Composer) May 24, 2022
Grav CMS Local File Injection Moderate
CVE-2020-29556 was published for getgrav/grav (Composer) May 24, 2022
Magento Path Traversal vulnerability Moderate
CVE-2021-28584 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API