Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,076
Erlang
29
GitHub Actions
19
Go
1,895
Maven
5,000+
npm
3,630
NuGet
638
pip
3,244
Pub
10
RubyGems
862
Rust
818
Swift
35
Unreviewed advisories
All unreviewed
5,000+
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.

5,016 advisories

Loading
An issue was discovered in webp_server_go 0.4.0. There is a directory traversal vulnerability... High Unreviewed
CVE-2021-46104 was published Jan 20, 2022
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. Moderate Unreviewed
CVE-2021-46203 was published Jan 20, 2022
Leostream Connection Broker 9.0.40.17 allows administrators to conduct directory traversal... Moderate Unreviewed
CVE-2021-41551 was published Jan 19, 2022
ASUS RT-AX56U’s login function contains a path traversal vulnerability due to its inadequate... Moderate Unreviewed
CVE-2022-22054 was published Jan 15, 2022
This affects the package Crow before 0.3+4. It is possible to traverse directories to fetch... High Unreviewed
CVE-2021-23514 was published Jan 14, 2022
ChronoForms 7.0.7 allows fname Directory Traversal to read arbitrary files. Moderate Unreviewed
CVE-2021-28376 was published Jan 13, 2022
ChronoForums 2.0.11 allows av Directory Traversal to read arbitrary files. Moderate Unreviewed
CVE-2021-28377 was published Jan 13, 2022
SphinxSearch in Sphinx Technologies Sphinx through 3.1.1 allows directory traversal (in... High Unreviewed
CVE-2020-29050 was published Jan 11, 2022
The CaasKit module has a path traversal vulnerability. Successful exploitation of this... Moderate Unreviewed
CVE-2021-40001 was published Jan 11, 2022
HwPCAssistant has a path traversal vulnerability. Successful exploitation of this vulnerability... Moderate Unreviewed
CVE-2021-40003 was published Jan 11, 2022
CoreFTP Server before 727 allows directory traversal (for file creation) by an authenticated... Moderate Unreviewed
CVE-2022-22836 was published Jan 11, 2022
An arbitrary file read vulnerability exists in NavigateCMS 2.9 via /navigate/navigate_download... High Unreviewed
CVE-2021-44351 was published Jan 7, 2022
The CAOS | Host Google Analytics Locally WordPress plugin before 4.1.9 does not validate the... Moderate Unreviewed
CVE-2021-25020 was published Jan 4, 2022
The OMGF | Host Google Fonts Locally WordPress plugin before 4.5.12 does not validate the cache... Moderate Unreviewed
CVE-2021-25021 was published Jan 4, 2022
An information exposure issue has been discovered in Opmantek Open-AudIT 4.2.0. The vulnerability... Moderate Unreviewed
CVE-2021-44674 was published Jan 4, 2022
Arbitrary file has a Exposure of Sensitive Information to an Unauthorized Actor vulnerability ... High Unreviewed
CVE-2021-37126 was published Jan 4, 2022
HwPCAssistant has a Path Traversal vulnerability .Successful exploitation of this vulnerability... Critical Unreviewed
CVE-2021-37128 was published Jan 4, 2022
HwPCAssistant has a Improper Input Validation vulnerability.Successful exploitation of this... High Unreviewed
CVE-2021-39970 was published Jan 4, 2022
Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due... Critical Unreviewed
CVE-2021-45427 was published Dec 31, 2021
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an... High Unreviewed
CVE-2021-20133 was published Dec 31, 2021
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an... High Unreviewed
CVE-2021-20134 was published Dec 31, 2021
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily... Critical Unreviewed
CVE-2020-20944 was published Dec 28, 2021
Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession... Moderate Unreviewed
CVE-2021-20876 was published Dec 25, 2021
Certain Starcharge products are vulnerable to Directory Traversal via main.cgi. The affected... High Unreviewed
CVE-2021-45418 was published Dec 23, 2021
A directory traversal vulnerability exists in the Web Manager File Upload functionality of... High Unreviewed
CVE-2021-21879 was published Dec 23, 2021
ProTip! Advisories are also available from the GraphQL API