Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,030
Erlang
29
GitHub Actions
17
Go
1,837
Maven
5,000+
npm
3,575
NuGet
634
pip
3,161
Pub
10
RubyGems
849
Rust
798
Swift
34
Unreviewed advisories
All unreviewed
5,000+

20 advisories

Loading
tgstation-server's DreamMaker environment files outside the deployment directory can be compiled and ran by insufficiently permissioned users High
CVE-2024-41799 was published for Tgstation.Server.Api (NuGet) Jul 29, 2024
SandPoot Cyberboss
CLSA Directory Traversal vulnerability Critical
CVE-2024-28698 was published for Csla (NuGet) Jul 22, 2024
Using the directory back payload (“/../”) in a package name allows placement of package in other folders. Low
CVE-2023-49089 was published for Umbraco.CMS (NuGet) Dec 13, 2023
Directory traversal + file write causing arbitrary code execution High
CVE-2023-30626 was published for Jellyfin.Controller (NuGet) Apr 24, 2023
theGEBIRGE
DNN vulnerable to Relative Path Traversal Moderate
CVE-2022-2922 was published for DotNetNuke.Core (NuGet) Oct 1, 2022
DNN Path Traversal via Zip Slip High
CVE-2020-5187 was published for DotNetNuke.Core (NuGet) May 24, 2022
CoreFTP Directory Traversal Moderate
CVE-2019-9648 was published for CoreFtp (NuGet) May 14, 2022
Improper Limitation of a Pathname to a Restricted Directory in SharpZipLib Moderate
CVE-2018-1002208 was published for SharpZipLib (NuGet) May 13, 2022
CuteSoft CuteEditor Path Traversal vulnerability Moderate
CVE-2009-4665 was published for CuteEditor (NuGet) May 2, 2022
Path Traversal: 'dir/../../filename' in moment.locale High
CVE-2022-24785 was published for Moment.js (npm) Apr 4, 2022
Path Traversal in SharpZipLib Moderate
CVE-2021-32842 was published for SharpZipLib (NuGet) Feb 1, 2022
Path Traversal in SharpZipLib Moderate
CVE-2021-32841 was published for SharpZipLib (NuGet) Feb 1, 2022
Path Traversal in SharpZipLib High
CVE-2021-32840 was published for SharpZipLib (NuGet) Feb 1, 2022
Partial path traversal in sharpcompress Moderate
CVE-2021-39208 was published for sharpcompress (NuGet) Sep 20, 2021
JarLob geoffodonnell
Path traversal in elFinder.NetCore High
CVE-2021-23428 was published for elFinder.NetCore (NuGet) Sep 2, 2021
Directory Traversal in elFinder.AspNet High
CVE-2021-23415 was published for elFinder.AspNet (NuGet) Aug 9, 2021
Path Traversal in elFinder.Net.Core High
CVE-2021-23407 was published for elFinder.Net.Core (NuGet) Aug 2, 2021
Authenticated path traversal in Umbraco CMS Moderate
CVE-2020-5811 was published for UmbracoCms (NuGet) Apr 13, 2021
Directory Traversal in SharpCompress Moderate
CVE-2018-1002206 was published for sharpcompress (NuGet) Sep 11, 2019
geoffodonnell
High severity vulnerability that affects DotNetZip High
CVE-2018-1002205 was published for DotNetZip (NuGet) Oct 16, 2018
ProTip! Advisories are also available from the GraphQL API