Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,611
NuGet
638
pip
3,209
Pub
10
RubyGems
853
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

650 advisories

Loading
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2024-6445 was published Sep 6, 2024
The WP Job Portal – A Complete Recruitment System for Company or Job Board website plugin for... Critical Unreviewed
CVE-2024-7950 was published Sep 4, 2024
The product allows user input to control or influence paths or file names that are used in... Critical Unreviewed
CVE-2024-3980 was published Aug 27, 2024
An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory... Critical Unreviewed
CVE-2024-44761 was published Aug 28, 2024
Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to... Critical Unreviewed
CVE-2024-25065 was published Feb 29, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in... Critical Unreviewed
CVE-2024-43955 was published Aug 29, 2024
An arbitrary file write issue in the exfiltration endpoint in BYOB (Build Your Own Botnet) 2.0... Critical Unreviewed
CVE-2024-45256 was published Aug 26, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability... Critical Unreviewed
CVE-2024-21877 was published Aug 12, 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability via... Critical Unreviewed
CVE-2024-21876 was published Aug 12, 2024
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. (Work on a... Critical Unreviewed
CVE-2024-41704 was published Jul 22, 2024
The Filter & Grids WordPress plugin before 2.8.33 is vulnerable to Local File Inclusion via the... Critical Unreviewed
CVE-2024-6164 was published Jul 18, 2024
Arbitrary file read vulnerability through the Jenkins CLI can lead to RCE Critical
CVE-2024-23897 was published for org.jenkins-ci.main:jenkins-core (Maven) Jan 24, 2024
sunSUNQ
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form &... Critical Unreviewed
CVE-2024-7777 was published Aug 20, 2024
Jenkins Remoting library arbitrary file read vulnerability Critical
CVE-2024-43044 was published for org.jenkins-ci.main:jenkins-core (Maven) Aug 7, 2024
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12... Critical Unreviewed
CVE-2024-7262 was published Aug 15, 2024
Improper path validation in promecefpluginhost.exe in Kingsoft WPS Office version ranging from 12... Critical Unreviewed
CVE-2024-7263 was published Aug 15, 2024
Jan path traversal vulnerability Critical
CVE-2024-37273 was published for @janhq/core (npm) Jun 4, 2024
CLSA Directory Traversal vulnerability Critical
CVE-2024-28698 was published for Csla (NuGet) Jul 22, 2024
rockfordlhotka
F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory... Critical Unreviewed
CVE-2024-25830 was published Feb 29, 2024
CometVisu Backend for openHAB affected by RCE through path traversal Critical
CVE-2024-42469 was published for org.openhab.ui.bundles:org.openhab.ui.cometvisu (Maven) Aug 9, 2024
p-
GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000... Critical Unreviewed
CVE-2024-39226 was published Aug 6, 2024
TorchServe vulnerable to bypass of allowed_urls configuration Critical
CVE-2024-35198 was published for torchserve (pip) Jul 18, 2024
Lektor does not sanitize database path traversal Critical
CVE-2024-28335 was published for Lektor (pip) Mar 27, 2024
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature Critical
CVE-2024-23827 was published for github.com/0xJacky/Nginx-UI (Go) Jan 29, 2024
Elleuch-x1
Directory Traversal vulnerability in CubeCart v.6.5.5 and before allows an attacker to execute... Critical Unreviewed
CVE-2024-34832 was published Jun 6, 2024
ProTip! Advisories are also available from the GraphQL API