GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
6,264 advisories
Directory traversal vulnerability in module.php in PhpGedView 4.2.3 and possibly other versions,...
Moderate | Unreviewed | CVE-2011-0405 was published May 17, 2022
Directory traversal vulnerability in index.php in OrangeHRM 2.6.0.1 allows remote attackers to...
Moderate | Unreviewed | CVE-2010-4798 was published May 17, 2022
Directory traversal vulnerability in admin/updatelist.php in BaconMap 1.0 allows remote attackers...
Moderate | Unreviewed | CVE-2010-4801 was published May 17, 2022
Directory traversal vulnerability in WebSEAL in IBM Tivoli Access Manager for e-business 6.1.1...
Moderate | Unreviewed | CVE-2010-4622 was published May 17, 2022
Directory traversal vulnerability in the JotLoader (com_jotloader) component 2.2.1 for Joomla!...
Moderate | Unreviewed | CVE-2010-4617 was published May 17, 2022
Directory traversal vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla!...
High | Unreviewed | CVE-2010-4719 was published May 17, 2022
Path traversal in elFinder.NetCore
High | CVE-2021-23428 was published for elFinder.NetCore (NuGet) Sep 2, 2021
Tempfile on Windows path traversal vulnerability
High | CVE-2021-28966 was published for tmpdir (RubyGems) May 6, 2021
Path Traversal in GitHub repository prasathmani/tinyfilemanager prior to 2.4.7.
Critical | Unreviewed | CVE-2022-1000 was published Mar 18, 2022
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal...
High | Unreviewed | CVE-2022-23347 was published Mar 22, 2022
An issue was discovered in xmppserver jar in the XMPP Server component of the Jive platform, as...
High | Unreviewed | CVE-2021-45968 was published Mar 19, 2022
Some commands used by the Rockwell Automation ISaGRAF Runtime Versions 4.x and 5.x eXchange Layer...
Critical | Unreviewed | CVE-2020-25176 was published Mar 19, 2022
Rockwell Automation Connected Components Workbench v12.00.00 and prior does not sanitize paths...
High | Unreviewed | CVE-2021-27473 was published Mar 24, 2022
Passwork On-Premise Edition before 4.6.13 allows migration/downloadExportFile Directory Traversal...
Moderate | Unreviewed | CVE-2022-25266 was published Mar 25, 2022
Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server
High | CVE-2022-24730 was published for github.com/argoproj/argo-cd (Go) Mar 24, 2022
The parsing mechanism that processes certain file types does not provide input sanitization for...
High | Unreviewed | CVE-2021-27471 was published Mar 24, 2022
Mendelson OFTP2 before 1.1 b43 is affected by directory traversal. To access the vulnerable code...
Moderate | Unreviewed | CVE-2022-27906 was published Mar 26, 2022
aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows...
Moderate | Unreviewed | CVE-2022-26252 was published Mar 28, 2022
Passwork On-Premise Edition before 4.6.13 allows migration/uploadExportFile Directory Traversal ...
High | Unreviewed | CVE-2022-25267 was published Mar 25, 2022
Hiby Music Hiby OS R3 Pro 1.5 and 1.6 is vulnerable to Directory Traversal. The HTTP Server does...
High | Unreviewed | CVE-2021-44124 was published Mar 29, 2022
The Narnoo Distributor WordPress plugin through 2.5.1 fails to validate and sanitize the lib_path...
Critical | Unreviewed | CVE-2022-0679 was published Mar 29, 2022
The WordPress File Upload Free and Pro WordPress plugins before 4.16.3 allow users with a role as...
High | Unreviewed | CVE-2021-24962 was published Mar 29, 2022
Path Traversal in ImpressCMS
High | CVE-2021-26601 was published for impresscms/impresscms (Composer) Mar 29, 2022
Path traversal in Jenkins Phoenix AutoTest Plugin
Moderate | CVE-2022-28156 was published for com.surenpi.jenkins:phoenix-autotest (Maven) Mar 30, 2022
The String locator WordPress plugin before 2.5.0 does not properly validate the path of the files...
Moderate | Unreviewed | CVE-2022-0493 was published Mar 29, 2022