Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,077
Erlang
29
GitHub Actions
19
Go
1,901
Maven
5,000+
npm
3,631
NuGet
638
pip
3,244
Pub
10
RubyGems
863
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+

45 advisories

Loading
czim/file-handling vulnerable to SSRF and directory traversal Moderate
CVE-2024-47049 was published for czim/file-handling (Composer) Sep 17, 2024
Contao affected by directory traversal in the file selector widget Moderate
CVE-2024-45604 was published for contao/core-bundle (Composer) Sep 17, 2024
usdResponsibleDisclosure
Magento Open Source Path Traversal vulnerability Moderate
CVE-2024-39406 was published for magento/community-edition (Composer) Aug 14, 2024
ICEcoder Path Traversal vulnerability Moderate
CVE-2024-41373 was published for icecoder/icecoder (Composer) Jul 26, 2024
Twig Path Traversal vulnerability in the filesystem loader Moderate
GHSA-7cvr-xhm5-x998 was published for twig/twig (Composer) May 30, 2024
Path disclosure in JavaScript variable Moderate
CVE-2024-26129 was published for prestashop/prestashop (Composer) Feb 21, 2024
hugo-fasone matks
Path Traversal in TYPO3 File Abstraction Layer Storages Moderate
CVE-2023-30451 was published for typo3/cms-core (Composer) Feb 13, 2024
ohader bnf
Duplicate Advisory: TYPO3 Arbitrary File Read via Directory Traversal Moderate
GHSA-3gjc-mp82-fj4q was published for typo3/cms-core (Composer) Dec 25, 2023 withdrawn
Potential URI resolution path traversal in the AWS SDK for PHP Moderate
CVE-2023-51651 was published for aws/aws-sdk-php (Composer) Dec 21, 2023
arkark
baserCMS Directory Traversal vulnerability in Form submission data management Feature Moderate
CVE-2023-43648 was published for baserproject/basercms (Composer) Oct 26, 2023
PrestaShop file access through path traversal Moderate
CVE-2023-39528 was published for prestashop/prestashop (Composer) Aug 9, 2023
PrestaShop path traversal Moderate
CVE-2023-39525 was published for prestashop/prestashop (Composer) Aug 9, 2023
Pimcore Path Traversal Vulnerability in AssetController:importServerFilesAction Moderate
CVE-2023-38708 was published for pimcore/pimcore (Composer) Aug 3, 2023
TobiSW
Pimcore Path Traversal Vulnerability in AdminBundle/Controller/Reports/CustomReportController.php Moderate
CVE-2023-30855 was published for pimcore/pimcore (Composer) May 2, 2023
Arbitrary File Read in Admin JS CSS files Moderate
CVE-2023-30852 was published for pimcore/pimcore (Composer) Apr 27, 2023
Path Traversal in Asset "import from server" option Moderate
CVE-2023-2336 was published for pimcore/pimcore (Composer) Apr 27, 2023
rekter0
Path Traversal Vulnerability in `LESS` Parser allows reading of sensitive server files Moderate
CVE-2023-27577 was published for flarum/core (Composer) Mar 13, 2023
SUKOHI Surpass Path Traversal vulnerability Moderate
CVE-2015-10030 was published for sukohi/surpass (Composer) Jan 8, 2023
UniSharp Laravel Filemanager directory traversal vulnerability Moderate
CVE-2022-40734 was published for unisharp/laravel-filemanager (Composer) Sep 15, 2022
streamtw
Path Traversal in FileGator Moderate
CVE-2022-1850 was published for filegator/filegator (Composer) May 25, 2022
Magento Path Traversal vulnerability Moderate
CVE-2021-28584 was published for magento/community-edition (Composer) May 24, 2022
Grav CMS Local File Injection Moderate
CVE-2020-29556 was published for getgrav/grav (Composer) May 24, 2022
browsershot local file inclusion vulnerability Moderate
CVE-2020-7790 was published for spatie/browsershot (Composer) May 24, 2022
Magento path traversal vulnerability Moderate
CVE-2020-9689 was published for magento/community-edition (Composer) May 24, 2022
Magento Path Traversal Moderate
CVE-2020-3717 was published for magento/community-edition (Composer) May 24, 2022
ProTip! Advisories are also available from the GraphQL API