Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,056
Erlang
29
GitHub Actions
19
Go
1,889
Maven
5,000+
npm
3,611
NuGet
638
pip
3,209
Pub
10
RubyGems
853
Rust
816
Swift
35
Unreviewed advisories
All unreviewed
5,000+

30 advisories

Loading
Owncast Path Traversal vulnerability Low
CVE-2024-31450 was published for github.com/owncast/owncast (Go) Aug 5, 2024
Symlink bypasses filesystem sandbox Low
CVE-2024-38358 was published for wasmer (Rust) Jun 7, 2024
yagehu
JADX file override vulnerability Low
GHSA-hvp5-5x4f-33fq was published for io.github.skylot:jadx-core (Maven) Apr 22, 2024
Cl0udG0d
phpMyFAQ Path Traversal in Attachments Low
CVE-2024-29196 was published for phpmyfaq/phpmyfaq (Composer) Mar 25, 2024
kevinnivekkevin
Duplicate Advisory: Malicious URL drafting attack against iodines static file server may allow path traversal Low
GHSA-qwf7-rv77-fcr3 was published for iodine (RubyGems) Jan 4, 2024 withdrawn
Winter CMS Local File Inclusion through Server Side Template Injection Low
CVE-2023-52085 was published for winter/wn-backend-module (Composer) Jan 2, 2024
Sanineng
Using the directory back payload (“/../”) in a package name allows placement of package in other folders. Low
CVE-2023-49089 was published for Umbraco.CMS (NuGet) Dec 13, 2023
sbt vulnerable to arbitrary file write via archive extraction (Zip Slip) Low
CVE-2023-46122 was published for org.scala-sbt:io_2.12 (Maven) Oct 24, 2023
xuwei-k eed3si9n
Pleroma Path Traversal vulnerability Low
CVE-2023-5588 was published for pleroma (Erlang) Oct 16, 2023
sudo-rs Session File Relative Path Traversal vulnerability Low
CVE-2023-42456 was published for sudo-rs (Rust) Sep 21, 2023
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in hyper-bump-it Low
CVE-2023-41057 was published for hyper-bump-it (pip) Sep 4, 2023
plannigan
Graylog server has partial path traversal vulnerability in Support Bundle feature Low
CVE-2023-41044 was published for org.graylog2:graylog2-server (Maven) Jul 6, 2023
weiweiwei9811
Starlette has Path Traversal vulnerability in StaticFiles Low
CVE-2023-29159 was published for starlette (pip) May 17, 2023
aminalaee
EC-CUBE Directory traversal vulnerability Low
CVE-2022-40199 was published for ec-cube/ec-cube (Composer) Sep 28, 2022
Cargo extracting malicious crates can corrupt arbitrary files Low
CVE-2022-36113 was published for cargo (Rust) Sep 16, 2022
pietroalbini litios
Path Traversal in XWiki Platform Low
CVE-2022-29253 was published for org.xwiki.platform:xwiki-platform-oldcore (Maven) Jun 1, 2022
Duplicate Advisory: Node CLI Allows Arbitrary File Overwrite Low
CVE-2016-1000021 was published for cli (npm) May 24, 2022 withdrawn
Path traversal in Jenkins REPO Plugin Low
CVE-2022-30949 was published for org.jenkins-ci.plugins:git (Maven) May 18, 2022
NotMyFault
Path traversal in Jenkins Mercurial Plugin Low
CVE-2022-30948 was published for org.jenkins-ci.plugins:mercurial (Maven) May 18, 2022
NotMyFault
Improper Limitation of a Pathname to a Restricted Directory in Apache Tomcat Low
CVE-2010-3718 was published for org.apache.tomcat:tomcat (Maven) May 14, 2022
oliverchang sunSUNQ
Apache Tomcat Path Traversal Vulnerability Low
CVE-2007-5461 was published for org.apache.tomcat:tomcat (Maven) May 1, 2022
Path traversal in github.com/cloudflare/cfrpki/cmd/octorpki Low
GHSA-8459-6rc9-8vf8 was published for github.com/cloudflare/cfrpki (Go) Feb 14, 2022
Plugin archive directory traversal in Helm Low
CVE-2020-4053 was published for helm.sh/helm/v3 (Go) Jun 23, 2021
snoopysecurity
Path traversal in Node-Red Low
CVE-2021-21298 was published for @node-red/runtime (npm) Feb 26, 2021
Directory Traversal vulnerability in GET/PUT allows attackers to Disclose Information or Write Files via a crafted GET/PUT request Low
CVE-2020-15239 was published for xmpp-http-upload (pip) Oct 6, 2020
ChristianTacke
ProTip! Advisories are also available from the GraphQL API