GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
692 advisories
In versions 3.0.0-3.9.0, 2.0.0-2.9.0, and 1.0.1, the NGINX Controller Agent does not use absolute...
Critical · Unreviewed · CVE-2020-27730 was published May 24, 2022

The CivetWeb web library does not validate uploaded filepaths when running on an OS other than...
Critical · Unreviewed · CVE-2020-27304 was published May 24, 2022

The Cab fare calculator WordPress plugin through 1.0.3 does not validate the controller parameter...
Critical · Unreviewed · CVE-2022-1391 was published Apr 26, 2022

There are multiple unauthenticated directory traversal vulnerabilities in different FTP commands...
Critical · Unreviewed · CVE-2020-20277 was published May 24, 2022

In Real Player 20.0.7.309 and 20.0.8.310, external::Import() allows download of arbitrary file...
Critical · Unreviewed · CVE-2022-32270 was published Jun 4, 2022

The Enterprise License Manager portal in Mitel MiContact Center Enterprise before 9.4 could allow...
Critical · Unreviewed · CVE-2021-26714 was published May 24, 2022

An improper access control vulnerability in SMA100 allows a remote unauthenticated attacker to...
Critical · Unreviewed · CVE-2021-20034 was published May 24, 2022

An issue in Webbank WeCube v3.2.2 allows attackers to execute a directory traversal via a crafted...
Critical · Unreviewed · CVE-2022-28945 was published Jun 3, 2022

Path Traversal in file editor on Windows in Gogs
Critical · CVE-2022-1992 was published for gogs.io/gogs (Go) Jun 8, 2022

A vulnerability was found in soerennb eXtplorer up to 2.1.12 and classified as critical. Affected...
Critical · Unreviewed · CVE-2019-25097 was published Jan 5, 2023

Directory traversal vulnerability in Trend Micro Control Manager 6.0 allows remote code execution...
Critical · Unreviewed · CVE-2017-11389 was published May 17, 2022

A vulnerability was found in soerennb eXtplorer up to 2.1.12. It has been classified as critical....
Critical · Unreviewed · CVE-2019-25098 was published Jan 5, 2023

ATutor versions 2.2.1 and earlier are vulnerable to a directory traversal and file extension...
Critical · Unreviewed · CVE-2017-1000002 was published May 17, 2022

iSpyConnect iSpy v7.2.2.0 is vulnerable to path traversal.
Critical · Unreviewed · CVE-2022-29774 was published Jun 22, 2022

In Anti-Web through 3.8.7, as used on NetBiter FGW200 devices through 3.21.2, WS100 devices...
Critical · Unreviewed · CVE-2017-9097 was published May 17, 2022

Path traversal in Concrete CMS
Critical · CVE-2022-30117 was published for concrete5/core (Composer) Jun 25, 2022

OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path...
Critical · Unreviewed · CVE-2022-2119 was published Jun 25, 2022

The AFDudley/equanimity repository through 2014-04-23 on GitHub allows absolute path traversal...
Critical · Unreviewed · CVE-2022-31511 was published Jul 12, 2022

The BolunHan/Krypton repository through 2021-06-03 on GitHub allows absolute path traversal...
Critical · Unreviewed · CVE-2022-31513 was published Jul 12, 2022

The idayrus/evoting repository before 2022-05-08 on GitHub allows absolute path traversal because...
Critical · Unreviewed · CVE-2022-31508 was published Jul 12, 2022

An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily...
Critical · Unreviewed · CVE-2020-20944 was published Dec 28, 2021

LRM contains a directory traversal vulnerability that can allow a malicious actor to upload...
Critical · Unreviewed · CVE-2022-1518 was published Jun 25, 2022

The Product Configurator for WooCommerce WordPress plugin before 1.2.32 suffers from an arbitrary...
Critical · Unreviewed · CVE-2022-1953 was published Jun 28, 2022

Tooxie Shiva 0.10.0 allows absolute path traversal because Flask send_file function used unsafely
Critical · CVE-2022-31558 was published for shiva (pip) Jul 12, 2022

ProTip! Advisories are also available from the GraphQL API.